github.com/aavshr/aws-sdk-go@v1.41.3/service/organizations/api.go (about) 1 // Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. 2 3 package organizations 4 5 import ( 6 "fmt" 7 "time" 8 9 "github.com/aavshr/aws-sdk-go/aws" 10 "github.com/aavshr/aws-sdk-go/aws/awsutil" 11 "github.com/aavshr/aws-sdk-go/aws/request" 12 "github.com/aavshr/aws-sdk-go/private/protocol" 13 "github.com/aavshr/aws-sdk-go/private/protocol/jsonrpc" 14 ) 15 16 const opAcceptHandshake = "AcceptHandshake" 17 18 // AcceptHandshakeRequest generates a "aws/request.Request" representing the 19 // client's request for the AcceptHandshake operation. The "output" return 20 // value will be populated with the request's response once the request completes 21 // successfully. 22 // 23 // Use "Send" method on the returned Request to send the API call to the service. 24 // the "output" return value is not valid until after Send returns without error. 25 // 26 // See AcceptHandshake for more information on using the AcceptHandshake 27 // API call, and error handling. 28 // 29 // This method is useful when you want to inject custom logic or configuration 30 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 31 // 32 // 33 // // Example sending a request using the AcceptHandshakeRequest method. 34 // req, resp := client.AcceptHandshakeRequest(params) 35 // 36 // err := req.Send() 37 // if err == nil { // resp is now filled 38 // fmt.Println(resp) 39 // } 40 // 41 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake 42 func (c *Organizations) AcceptHandshakeRequest(input *AcceptHandshakeInput) (req *request.Request, output *AcceptHandshakeOutput) { 43 op := &request.Operation{ 44 Name: opAcceptHandshake, 45 HTTPMethod: "POST", 46 HTTPPath: "/", 47 } 48 49 if input == nil { 50 input = &AcceptHandshakeInput{} 51 } 52 53 output = &AcceptHandshakeOutput{} 54 req = c.newRequest(op, input, output) 55 return 56 } 57 58 // AcceptHandshake API operation for AWS Organizations. 59 // 60 // Sends a response to the originator of a handshake agreeing to the action 61 // proposed by the handshake request. 62 // 63 // This operation can be called only by the following principals when they also 64 // have the relevant IAM permissions: 65 // 66 // * Invitation to join or Approve all features request handshakes: only 67 // a principal from the member account. The user who calls the API for an 68 // invitation to join must have the organizations:AcceptHandshake permission. 69 // If you enabled all features in the organization, the user must also have 70 // the iam:CreateServiceLinkedRole permission so that AWS Organizations can 71 // create the required service-linked role named AWSServiceRoleForOrganizations. 72 // For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integration_services.html#orgs_integration_service-linked-roles) 73 // in the AWS Organizations User Guide. 74 // 75 // * Enable all features final confirmation handshake: only a principal from 76 // the management account. For more information about invitations, see Inviting 77 // an AWS Account to Join Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html) 78 // in the AWS Organizations User Guide. For more information about requests 79 // to enable all features in the organization, see Enabling All Features 80 // in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 81 // in the AWS Organizations User Guide. 82 // 83 // After you accept a handshake, it continues to appear in the results of relevant 84 // APIs for only 30 days. After that, it's deleted. 85 // 86 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 87 // with awserr.Error's Code and Message methods to get detailed information about 88 // the error. 89 // 90 // See the AWS API reference guide for AWS Organizations's 91 // API operation AcceptHandshake for usage and error information. 92 // 93 // Returned Error Types: 94 // * AccessDeniedException 95 // You don't have permissions to perform the requested operation. The user or 96 // role that is making the request must have at least one IAM permissions policy 97 // attached that grants the required permissions. For more information, see 98 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 99 // in the IAM User Guide. 100 // 101 // * AWSOrganizationsNotInUseException 102 // Your account isn't a member of an organization. To make this request, you 103 // must use the credentials of an account that belongs to an organization. 104 // 105 // * HandshakeConstraintViolationException 106 // The requested operation would violate the constraint identified in the reason 107 // code. 108 // 109 // Some of the reasons in the following list might not be applicable to this 110 // specific API or operation: 111 // 112 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 113 // the number of accounts in an organization. Note that deleted and closed 114 // accounts still count toward your limit. If you get this exception immediately 115 // after creating the organization, wait one hour and try again. If after 116 // an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/). 117 // 118 // * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because 119 // the invited account is already a member of an organization. 120 // 121 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 122 // handshakes that you can send in one day. 123 // 124 // * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations 125 // to join an organization while it's in the process of enabling all features. 126 // You can resume inviting accounts after you finalize the process when all 127 // accounts have agreed to the change. 128 // 129 // * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid 130 // because the organization has already enabled all features. 131 // 132 // * ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake 133 // request is invalid because the organization has already started the process 134 // to enable all features. 135 // 136 // * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because 137 // the account is from a different marketplace than the accounts in the organization. 138 // For example, accounts with India addresses must be associated with the 139 // AISPL marketplace. All accounts in an organization must be from the same 140 // marketplace. 141 // 142 // * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to 143 // change the membership of an account too quickly after its previous change. 144 // 145 // * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an 146 // account that doesn't have a payment instrument, such as a credit card, 147 // associated with it. 148 // 149 // * HandshakeNotFoundException 150 // We can't find a handshake with the HandshakeId that you specified. 151 // 152 // * InvalidHandshakeTransitionException 153 // You can't perform the operation on the handshake in its current state. For 154 // example, you can't cancel a handshake that was already accepted or accept 155 // a handshake that was already declined. 156 // 157 // * HandshakeAlreadyInStateException 158 // The specified handshake is already in the requested state. For example, you 159 // can't accept a handshake that was already accepted. 160 // 161 // * InvalidInputException 162 // The requested operation failed because you provided invalid values for one 163 // or more of the request parameters. This exception includes a reason that 164 // contains additional information about the violated limit: 165 // 166 // Some of the reasons in the following list might not be applicable to this 167 // specific API or operation. 168 // 169 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 170 // the same entity. 171 // 172 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 173 // can't be modified. 174 // 175 // * INPUT_REQUIRED: You must include a value for all required parameters. 176 // 177 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 178 // for the invited account owner. 179 // 180 // * INVALID_ENUM: You specified an invalid value. 181 // 182 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 183 // 184 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 185 // characters. 186 // 187 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 188 // at least one invalid value. 189 // 190 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 191 // from the response to a previous call of the operation. 192 // 193 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 194 // organization, or email) as a party. 195 // 196 // * INVALID_PATTERN: You provided a value that doesn't match the required 197 // pattern. 198 // 199 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 200 // match the required pattern. 201 // 202 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 203 // name can't begin with the reserved prefix AWSServiceRoleFor. 204 // 205 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 206 // Name (ARN) for the organization. 207 // 208 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 209 // 210 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 211 // tag. You can’t add, edit, or delete system tag keys because they're 212 // reserved for AWS use. System tags don’t count against your tags per 213 // resource limit. 214 // 215 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 216 // for the operation. 217 // 218 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 219 // than allowed. 220 // 221 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 222 // value than allowed. 223 // 224 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 225 // than allowed. 226 // 227 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 228 // value than allowed. 229 // 230 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 231 // between entities in the same root. 232 // 233 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 234 // target entity. 235 // 236 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 237 // isn't recognized. 238 // 239 // * ConcurrentModificationException 240 // The target of the operation is currently being modified by a different request. 241 // Try again later. 242 // 243 // * ServiceException 244 // AWS Organizations can't complete your request because of an internal service 245 // error. Try again later. 246 // 247 // * TooManyRequestsException 248 // You have sent too many requests in too short a period of time. The quota 249 // helps protect against denial-of-service attacks. Try again later. 250 // 251 // For information about quotas that affect AWS Organizations, see Quotas for 252 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 253 // the AWS Organizations User Guide. 254 // 255 // * AccessDeniedForDependencyException 256 // The operation that you attempted requires you to have the iam:CreateServiceLinkedRole 257 // for organizations.amazonaws.com permission so that AWS Organizations can 258 // create the required service-linked role. You don't have that permission. 259 // 260 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake 261 func (c *Organizations) AcceptHandshake(input *AcceptHandshakeInput) (*AcceptHandshakeOutput, error) { 262 req, out := c.AcceptHandshakeRequest(input) 263 return out, req.Send() 264 } 265 266 // AcceptHandshakeWithContext is the same as AcceptHandshake with the addition of 267 // the ability to pass a context and additional request options. 268 // 269 // See AcceptHandshake for details on how to use this API operation. 270 // 271 // The context must be non-nil and will be used for request cancellation. If 272 // the context is nil a panic will occur. In the future the SDK may create 273 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 274 // for more information on using Contexts. 275 func (c *Organizations) AcceptHandshakeWithContext(ctx aws.Context, input *AcceptHandshakeInput, opts ...request.Option) (*AcceptHandshakeOutput, error) { 276 req, out := c.AcceptHandshakeRequest(input) 277 req.SetContext(ctx) 278 req.ApplyOptions(opts...) 279 return out, req.Send() 280 } 281 282 const opAttachPolicy = "AttachPolicy" 283 284 // AttachPolicyRequest generates a "aws/request.Request" representing the 285 // client's request for the AttachPolicy operation. The "output" return 286 // value will be populated with the request's response once the request completes 287 // successfully. 288 // 289 // Use "Send" method on the returned Request to send the API call to the service. 290 // the "output" return value is not valid until after Send returns without error. 291 // 292 // See AttachPolicy for more information on using the AttachPolicy 293 // API call, and error handling. 294 // 295 // This method is useful when you want to inject custom logic or configuration 296 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 297 // 298 // 299 // // Example sending a request using the AttachPolicyRequest method. 300 // req, resp := client.AttachPolicyRequest(params) 301 // 302 // err := req.Send() 303 // if err == nil { // resp is now filled 304 // fmt.Println(resp) 305 // } 306 // 307 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy 308 func (c *Organizations) AttachPolicyRequest(input *AttachPolicyInput) (req *request.Request, output *AttachPolicyOutput) { 309 op := &request.Operation{ 310 Name: opAttachPolicy, 311 HTTPMethod: "POST", 312 HTTPPath: "/", 313 } 314 315 if input == nil { 316 input = &AttachPolicyInput{} 317 } 318 319 output = &AttachPolicyOutput{} 320 req = c.newRequest(op, input, output) 321 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 322 return 323 } 324 325 // AttachPolicy API operation for AWS Organizations. 326 // 327 // Attaches a policy to a root, an organizational unit (OU), or an individual 328 // account. How the policy affects accounts depends on the type of policy. Refer 329 // to the AWS Organizations User Guide for information about each policy type: 330 // 331 // * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html) 332 // 333 // * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html) 334 // 335 // * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) 336 // 337 // * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) 338 // 339 // This operation can be called only from the organization's management account. 340 // 341 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 342 // with awserr.Error's Code and Message methods to get detailed information about 343 // the error. 344 // 345 // See the AWS API reference guide for AWS Organizations's 346 // API operation AttachPolicy for usage and error information. 347 // 348 // Returned Error Types: 349 // * AccessDeniedException 350 // You don't have permissions to perform the requested operation. The user or 351 // role that is making the request must have at least one IAM permissions policy 352 // attached that grants the required permissions. For more information, see 353 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 354 // in the IAM User Guide. 355 // 356 // * AWSOrganizationsNotInUseException 357 // Your account isn't a member of an organization. To make this request, you 358 // must use the credentials of an account that belongs to an organization. 359 // 360 // * ConcurrentModificationException 361 // The target of the operation is currently being modified by a different request. 362 // Try again later. 363 // 364 // * ConstraintViolationException 365 // Performing this operation violates a minimum or maximum value limit. For 366 // example, attempting to remove the last service control policy (SCP) from 367 // an OU or root, inviting or creating too many accounts to the organization, 368 // or attaching too many policies to an account, OU, or root. This exception 369 // includes a reason that contains additional information about the violated 370 // limit: 371 // 372 // Some of the reasons in the following list might not be applicable to this 373 // specific API or operation. 374 // 375 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 376 // account from the organization. You can't remove the management account. 377 // Instead, after you remove all member accounts, delete the organization 378 // itself. 379 // 380 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 381 // from the organization that doesn't yet have enough information to exist 382 // as a standalone account. This account requires you to first agree to the 383 // AWS Customer Agreement. Follow the steps at Removing a member account 384 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 385 // the AWS Organizations User Guide. 386 // 387 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 388 // an account from the organization that doesn't yet have enough information 389 // to exist as a standalone account. This account requires you to first complete 390 // phone verification. Follow the steps at Removing a member account from 391 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 392 // in the AWS Organizations User Guide. 393 // 394 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 395 // of accounts that you can create in one day. 396 // 397 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 398 // the number of accounts in an organization. If you need more accounts, 399 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 400 // request an increase in your limit. Or the number of invitations that you 401 // tried to send would cause you to exceed the limit of accounts in your 402 // organization. Send fewer invitations or contact AWS Support to request 403 // an increase in the number of accounts. Deleted and closed accounts still 404 // count toward your limit. If you get this exception when running a command 405 // immediately after creating the organization, wait one hour and try again. 406 // After an hour, if the command continues to fail with this error, contact 407 // AWS Support (https://console.aws.amazon.com/support/home#/). 408 // 409 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 410 // register the management account of the organization as a delegated administrator 411 // for an AWS service integrated with Organizations. You can designate only 412 // a member account as a delegated administrator. 413 // 414 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 415 // an account that is registered as a delegated administrator for a service 416 // integrated with your organization. To complete this operation, you must 417 // first deregister this account as a delegated administrator. 418 // 419 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 420 // organization in the specified region, you must enable all features mode. 421 // 422 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 423 // an AWS account as a delegated administrator for an AWS service that already 424 // has a delegated administrator. To complete this operation, you must first 425 // deregister any existing delegated administrators for this service. 426 // 427 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 428 // valid for a limited period of time. You must resubmit the request and 429 // generate a new verfication code. 430 // 431 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 432 // handshakes that you can send in one day. 433 // 434 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 435 // in this organization, you first must migrate the organization's management 436 // account to the marketplace that corresponds to the management account's 437 // address. For example, accounts with India addresses must be associated 438 // with the AISPL marketplace. All accounts in an organization must be associated 439 // with the same marketplace. 440 // 441 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 442 // in China. To create an organization, the master must have a valid business 443 // license. For more information, contact customer support. 444 // 445 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 446 // must first provide a valid contact address and phone number for the management 447 // account. Then try the operation again. 448 // 449 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 450 // management account must have an associated account in the AWS GovCloud 451 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 452 // in the AWS GovCloud User Guide. 453 // 454 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 455 // with this management account, you first must associate a valid payment 456 // instrument, such as a credit card, with the account. Follow the steps 457 // at To leave an organization when all required account information has 458 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 459 // in the AWS Organizations User Guide. 460 // 461 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 462 // to register more delegated administrators than allowed for the service 463 // principal. 464 // 465 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 466 // number of policies of a certain type that can be attached to an entity 467 // at one time. 468 // 469 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 470 // on this resource. 471 // 472 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 473 // with this member account, you first must associate a valid payment instrument, 474 // such as a credit card, with the account. Follow the steps at To leave 475 // an organization when all required account information has not yet been 476 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 477 // in the AWS Organizations User Guide. 478 // 479 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 480 // policy from an entity that would cause the entity to have fewer than the 481 // minimum number of policies of a certain type required. 482 // 483 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 484 // that requires the organization to be configured to support all features. 485 // An organization that supports only consolidated billing features can't 486 // perform this operation. 487 // 488 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 489 // too many levels deep. 490 // 491 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 492 // that you can have in an organization. 493 // 494 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 495 // is larger than the maximum size. 496 // 497 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 498 // policies that you can have in an organization. 499 // 500 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 501 // tags that are not compliant with the tag policy requirements for this 502 // account. 503 // 504 // * DuplicatePolicyAttachmentException 505 // The selected policy is already attached to the specified target. 506 // 507 // * InvalidInputException 508 // The requested operation failed because you provided invalid values for one 509 // or more of the request parameters. This exception includes a reason that 510 // contains additional information about the violated limit: 511 // 512 // Some of the reasons in the following list might not be applicable to this 513 // specific API or operation. 514 // 515 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 516 // the same entity. 517 // 518 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 519 // can't be modified. 520 // 521 // * INPUT_REQUIRED: You must include a value for all required parameters. 522 // 523 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 524 // for the invited account owner. 525 // 526 // * INVALID_ENUM: You specified an invalid value. 527 // 528 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 529 // 530 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 531 // characters. 532 // 533 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 534 // at least one invalid value. 535 // 536 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 537 // from the response to a previous call of the operation. 538 // 539 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 540 // organization, or email) as a party. 541 // 542 // * INVALID_PATTERN: You provided a value that doesn't match the required 543 // pattern. 544 // 545 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 546 // match the required pattern. 547 // 548 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 549 // name can't begin with the reserved prefix AWSServiceRoleFor. 550 // 551 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 552 // Name (ARN) for the organization. 553 // 554 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 555 // 556 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 557 // tag. You can’t add, edit, or delete system tag keys because they're 558 // reserved for AWS use. System tags don’t count against your tags per 559 // resource limit. 560 // 561 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 562 // for the operation. 563 // 564 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 565 // than allowed. 566 // 567 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 568 // value than allowed. 569 // 570 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 571 // than allowed. 572 // 573 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 574 // value than allowed. 575 // 576 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 577 // between entities in the same root. 578 // 579 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 580 // target entity. 581 // 582 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 583 // isn't recognized. 584 // 585 // * PolicyNotFoundException 586 // We can't find a policy with the PolicyId that you specified. 587 // 588 // * PolicyTypeNotEnabledException 589 // The specified policy type isn't currently enabled in this root. You can't 590 // attach policies of the specified type to entities in a root until you enable 591 // that type in the root. For more information, see Enabling All Features in 592 // Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 593 // in the AWS Organizations User Guide. 594 // 595 // * ServiceException 596 // AWS Organizations can't complete your request because of an internal service 597 // error. Try again later. 598 // 599 // * TargetNotFoundException 600 // We can't find a root, OU, account, or policy with the TargetId that you specified. 601 // 602 // * TooManyRequestsException 603 // You have sent too many requests in too short a period of time. The quota 604 // helps protect against denial-of-service attacks. Try again later. 605 // 606 // For information about quotas that affect AWS Organizations, see Quotas for 607 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 608 // the AWS Organizations User Guide. 609 // 610 // * UnsupportedAPIEndpointException 611 // This action isn't available in the current AWS Region. 612 // 613 // * PolicyChangesInProgressException 614 // Changes to the effective policy are in progress, and its contents can't be 615 // returned. Try the operation again later. 616 // 617 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy 618 func (c *Organizations) AttachPolicy(input *AttachPolicyInput) (*AttachPolicyOutput, error) { 619 req, out := c.AttachPolicyRequest(input) 620 return out, req.Send() 621 } 622 623 // AttachPolicyWithContext is the same as AttachPolicy with the addition of 624 // the ability to pass a context and additional request options. 625 // 626 // See AttachPolicy for details on how to use this API operation. 627 // 628 // The context must be non-nil and will be used for request cancellation. If 629 // the context is nil a panic will occur. In the future the SDK may create 630 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 631 // for more information on using Contexts. 632 func (c *Organizations) AttachPolicyWithContext(ctx aws.Context, input *AttachPolicyInput, opts ...request.Option) (*AttachPolicyOutput, error) { 633 req, out := c.AttachPolicyRequest(input) 634 req.SetContext(ctx) 635 req.ApplyOptions(opts...) 636 return out, req.Send() 637 } 638 639 const opCancelHandshake = "CancelHandshake" 640 641 // CancelHandshakeRequest generates a "aws/request.Request" representing the 642 // client's request for the CancelHandshake operation. The "output" return 643 // value will be populated with the request's response once the request completes 644 // successfully. 645 // 646 // Use "Send" method on the returned Request to send the API call to the service. 647 // the "output" return value is not valid until after Send returns without error. 648 // 649 // See CancelHandshake for more information on using the CancelHandshake 650 // API call, and error handling. 651 // 652 // This method is useful when you want to inject custom logic or configuration 653 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 654 // 655 // 656 // // Example sending a request using the CancelHandshakeRequest method. 657 // req, resp := client.CancelHandshakeRequest(params) 658 // 659 // err := req.Send() 660 // if err == nil { // resp is now filled 661 // fmt.Println(resp) 662 // } 663 // 664 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake 665 func (c *Organizations) CancelHandshakeRequest(input *CancelHandshakeInput) (req *request.Request, output *CancelHandshakeOutput) { 666 op := &request.Operation{ 667 Name: opCancelHandshake, 668 HTTPMethod: "POST", 669 HTTPPath: "/", 670 } 671 672 if input == nil { 673 input = &CancelHandshakeInput{} 674 } 675 676 output = &CancelHandshakeOutput{} 677 req = c.newRequest(op, input, output) 678 return 679 } 680 681 // CancelHandshake API operation for AWS Organizations. 682 // 683 // Cancels a handshake. Canceling a handshake sets the handshake state to CANCELED. 684 // 685 // This operation can be called only from the account that originated the handshake. 686 // The recipient of the handshake can't cancel it, but can use DeclineHandshake 687 // instead. After a handshake is canceled, the recipient can no longer respond 688 // to that handshake. 689 // 690 // After you cancel a handshake, it continues to appear in the results of relevant 691 // APIs for only 30 days. After that, it's deleted. 692 // 693 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 694 // with awserr.Error's Code and Message methods to get detailed information about 695 // the error. 696 // 697 // See the AWS API reference guide for AWS Organizations's 698 // API operation CancelHandshake for usage and error information. 699 // 700 // Returned Error Types: 701 // * AccessDeniedException 702 // You don't have permissions to perform the requested operation. The user or 703 // role that is making the request must have at least one IAM permissions policy 704 // attached that grants the required permissions. For more information, see 705 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 706 // in the IAM User Guide. 707 // 708 // * ConcurrentModificationException 709 // The target of the operation is currently being modified by a different request. 710 // Try again later. 711 // 712 // * HandshakeNotFoundException 713 // We can't find a handshake with the HandshakeId that you specified. 714 // 715 // * InvalidHandshakeTransitionException 716 // You can't perform the operation on the handshake in its current state. For 717 // example, you can't cancel a handshake that was already accepted or accept 718 // a handshake that was already declined. 719 // 720 // * HandshakeAlreadyInStateException 721 // The specified handshake is already in the requested state. For example, you 722 // can't accept a handshake that was already accepted. 723 // 724 // * InvalidInputException 725 // The requested operation failed because you provided invalid values for one 726 // or more of the request parameters. This exception includes a reason that 727 // contains additional information about the violated limit: 728 // 729 // Some of the reasons in the following list might not be applicable to this 730 // specific API or operation. 731 // 732 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 733 // the same entity. 734 // 735 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 736 // can't be modified. 737 // 738 // * INPUT_REQUIRED: You must include a value for all required parameters. 739 // 740 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 741 // for the invited account owner. 742 // 743 // * INVALID_ENUM: You specified an invalid value. 744 // 745 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 746 // 747 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 748 // characters. 749 // 750 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 751 // at least one invalid value. 752 // 753 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 754 // from the response to a previous call of the operation. 755 // 756 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 757 // organization, or email) as a party. 758 // 759 // * INVALID_PATTERN: You provided a value that doesn't match the required 760 // pattern. 761 // 762 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 763 // match the required pattern. 764 // 765 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 766 // name can't begin with the reserved prefix AWSServiceRoleFor. 767 // 768 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 769 // Name (ARN) for the organization. 770 // 771 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 772 // 773 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 774 // tag. You can’t add, edit, or delete system tag keys because they're 775 // reserved for AWS use. System tags don’t count against your tags per 776 // resource limit. 777 // 778 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 779 // for the operation. 780 // 781 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 782 // than allowed. 783 // 784 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 785 // value than allowed. 786 // 787 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 788 // than allowed. 789 // 790 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 791 // value than allowed. 792 // 793 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 794 // between entities in the same root. 795 // 796 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 797 // target entity. 798 // 799 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 800 // isn't recognized. 801 // 802 // * ServiceException 803 // AWS Organizations can't complete your request because of an internal service 804 // error. Try again later. 805 // 806 // * TooManyRequestsException 807 // You have sent too many requests in too short a period of time. The quota 808 // helps protect against denial-of-service attacks. Try again later. 809 // 810 // For information about quotas that affect AWS Organizations, see Quotas for 811 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 812 // the AWS Organizations User Guide. 813 // 814 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake 815 func (c *Organizations) CancelHandshake(input *CancelHandshakeInput) (*CancelHandshakeOutput, error) { 816 req, out := c.CancelHandshakeRequest(input) 817 return out, req.Send() 818 } 819 820 // CancelHandshakeWithContext is the same as CancelHandshake with the addition of 821 // the ability to pass a context and additional request options. 822 // 823 // See CancelHandshake for details on how to use this API operation. 824 // 825 // The context must be non-nil and will be used for request cancellation. If 826 // the context is nil a panic will occur. In the future the SDK may create 827 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 828 // for more information on using Contexts. 829 func (c *Organizations) CancelHandshakeWithContext(ctx aws.Context, input *CancelHandshakeInput, opts ...request.Option) (*CancelHandshakeOutput, error) { 830 req, out := c.CancelHandshakeRequest(input) 831 req.SetContext(ctx) 832 req.ApplyOptions(opts...) 833 return out, req.Send() 834 } 835 836 const opCreateAccount = "CreateAccount" 837 838 // CreateAccountRequest generates a "aws/request.Request" representing the 839 // client's request for the CreateAccount operation. The "output" return 840 // value will be populated with the request's response once the request completes 841 // successfully. 842 // 843 // Use "Send" method on the returned Request to send the API call to the service. 844 // the "output" return value is not valid until after Send returns without error. 845 // 846 // See CreateAccount for more information on using the CreateAccount 847 // API call, and error handling. 848 // 849 // This method is useful when you want to inject custom logic or configuration 850 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 851 // 852 // 853 // // Example sending a request using the CreateAccountRequest method. 854 // req, resp := client.CreateAccountRequest(params) 855 // 856 // err := req.Send() 857 // if err == nil { // resp is now filled 858 // fmt.Println(resp) 859 // } 860 // 861 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount 862 func (c *Organizations) CreateAccountRequest(input *CreateAccountInput) (req *request.Request, output *CreateAccountOutput) { 863 op := &request.Operation{ 864 Name: opCreateAccount, 865 HTTPMethod: "POST", 866 HTTPPath: "/", 867 } 868 869 if input == nil { 870 input = &CreateAccountInput{} 871 } 872 873 output = &CreateAccountOutput{} 874 req = c.newRequest(op, input, output) 875 return 876 } 877 878 // CreateAccount API operation for AWS Organizations. 879 // 880 // Creates an AWS account that is automatically a member of the organization 881 // whose credentials made the request. This is an asynchronous request that 882 // AWS performs in the background. Because CreateAccount operates asynchronously, 883 // it can return a successful completion message even though account initialization 884 // might still be in progress. You might need to wait a few minutes before you 885 // can successfully access the account. To check the status of the request, 886 // do one of the following: 887 // 888 // * Use the Id member of the CreateAccountStatus response element from this 889 // operation to provide as a parameter to the DescribeCreateAccountStatus 890 // operation. 891 // 892 // * Check the AWS CloudTrail log for the CreateAccountResult event. For 893 // information on using AWS CloudTrail with AWS Organizations, see Logging 894 // and monitoring in AWS Organizations (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html#orgs_cloudtrail-integration) 895 // in the AWS Organizations User Guide. 896 // 897 // The user who calls the API to create an account must have the organizations:CreateAccount 898 // permission. If you enabled all features in the organization, AWS Organizations 899 // creates the required service-linked role named AWSServiceRoleForOrganizations. 900 // For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs) 901 // in the AWS Organizations User Guide. 902 // 903 // If the request includes tags, then the requester must have the organizations:TagResource 904 // permission. 905 // 906 // AWS Organizations preconfigures the new member account with a role (named 907 // OrganizationAccountAccessRole by default) that grants users in the management 908 // account administrator permissions in the new member account. Principals in 909 // the management account can assume the role. AWS Organizations clones the 910 // company name and address information for the new account from the organization's 911 // management account. 912 // 913 // This operation can be called only from the organization's management account. 914 // 915 // For more information about creating accounts, see Creating an AWS Account 916 // in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html) 917 // in the AWS Organizations User Guide. 918 // 919 // * When you create an account in an organization using the AWS Organizations 920 // console, API, or CLI commands, the information required for the account 921 // to operate as a standalone account, such as a payment method and signing 922 // the end user license agreement (EULA) is not automatically collected. 923 // If you must remove an account from your organization later, you can do 924 // so only after you provide the missing information. Follow the steps at 925 // To leave an organization as a member account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 926 // in the AWS Organizations User Guide. 927 // 928 // * If you get an exception that indicates that you exceeded your account 929 // limits for the organization, contact AWS Support (https://console.aws.amazon.com/support/home#/). 930 // 931 // * If you get an exception that indicates that the operation failed because 932 // your organization is still initializing, wait one hour and then try again. 933 // If the error persists, contact AWS Support (https://console.aws.amazon.com/support/home#/). 934 // 935 // * Using CreateAccount to create multiple temporary accounts isn't recommended. 936 // You can only close an account from the Billing and Cost Management Console, 937 // and you must be signed in as the root user. For information on the requirements 938 // and process for closing an account, see Closing an AWS Account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html) 939 // in the AWS Organizations User Guide. 940 // 941 // When you create a member account with this operation, you can choose whether 942 // to create the account with the IAM User and Role Access to Billing Information 943 // switch enabled. If you enable it, IAM users and roles that have appropriate 944 // permissions can view billing information for the account. If you disable 945 // it, only the account root user can access billing information. For information 946 // about how to disable this switch for an account, see Granting Access to Your 947 // Billing Information and Tools (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html). 948 // 949 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 950 // with awserr.Error's Code and Message methods to get detailed information about 951 // the error. 952 // 953 // See the AWS API reference guide for AWS Organizations's 954 // API operation CreateAccount for usage and error information. 955 // 956 // Returned Error Types: 957 // * AccessDeniedException 958 // You don't have permissions to perform the requested operation. The user or 959 // role that is making the request must have at least one IAM permissions policy 960 // attached that grants the required permissions. For more information, see 961 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 962 // in the IAM User Guide. 963 // 964 // * AWSOrganizationsNotInUseException 965 // Your account isn't a member of an organization. To make this request, you 966 // must use the credentials of an account that belongs to an organization. 967 // 968 // * ConcurrentModificationException 969 // The target of the operation is currently being modified by a different request. 970 // Try again later. 971 // 972 // * ConstraintViolationException 973 // Performing this operation violates a minimum or maximum value limit. For 974 // example, attempting to remove the last service control policy (SCP) from 975 // an OU or root, inviting or creating too many accounts to the organization, 976 // or attaching too many policies to an account, OU, or root. This exception 977 // includes a reason that contains additional information about the violated 978 // limit: 979 // 980 // Some of the reasons in the following list might not be applicable to this 981 // specific API or operation. 982 // 983 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 984 // account from the organization. You can't remove the management account. 985 // Instead, after you remove all member accounts, delete the organization 986 // itself. 987 // 988 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 989 // from the organization that doesn't yet have enough information to exist 990 // as a standalone account. This account requires you to first agree to the 991 // AWS Customer Agreement. Follow the steps at Removing a member account 992 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 993 // the AWS Organizations User Guide. 994 // 995 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 996 // an account from the organization that doesn't yet have enough information 997 // to exist as a standalone account. This account requires you to first complete 998 // phone verification. Follow the steps at Removing a member account from 999 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 1000 // in the AWS Organizations User Guide. 1001 // 1002 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 1003 // of accounts that you can create in one day. 1004 // 1005 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 1006 // the number of accounts in an organization. If you need more accounts, 1007 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 1008 // request an increase in your limit. Or the number of invitations that you 1009 // tried to send would cause you to exceed the limit of accounts in your 1010 // organization. Send fewer invitations or contact AWS Support to request 1011 // an increase in the number of accounts. Deleted and closed accounts still 1012 // count toward your limit. If you get this exception when running a command 1013 // immediately after creating the organization, wait one hour and try again. 1014 // After an hour, if the command continues to fail with this error, contact 1015 // AWS Support (https://console.aws.amazon.com/support/home#/). 1016 // 1017 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 1018 // register the management account of the organization as a delegated administrator 1019 // for an AWS service integrated with Organizations. You can designate only 1020 // a member account as a delegated administrator. 1021 // 1022 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 1023 // an account that is registered as a delegated administrator for a service 1024 // integrated with your organization. To complete this operation, you must 1025 // first deregister this account as a delegated administrator. 1026 // 1027 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 1028 // organization in the specified region, you must enable all features mode. 1029 // 1030 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 1031 // an AWS account as a delegated administrator for an AWS service that already 1032 // has a delegated administrator. To complete this operation, you must first 1033 // deregister any existing delegated administrators for this service. 1034 // 1035 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 1036 // valid for a limited period of time. You must resubmit the request and 1037 // generate a new verfication code. 1038 // 1039 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 1040 // handshakes that you can send in one day. 1041 // 1042 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 1043 // in this organization, you first must migrate the organization's management 1044 // account to the marketplace that corresponds to the management account's 1045 // address. For example, accounts with India addresses must be associated 1046 // with the AISPL marketplace. All accounts in an organization must be associated 1047 // with the same marketplace. 1048 // 1049 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 1050 // in China. To create an organization, the master must have a valid business 1051 // license. For more information, contact customer support. 1052 // 1053 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 1054 // must first provide a valid contact address and phone number for the management 1055 // account. Then try the operation again. 1056 // 1057 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 1058 // management account must have an associated account in the AWS GovCloud 1059 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1060 // in the AWS GovCloud User Guide. 1061 // 1062 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 1063 // with this management account, you first must associate a valid payment 1064 // instrument, such as a credit card, with the account. Follow the steps 1065 // at To leave an organization when all required account information has 1066 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1067 // in the AWS Organizations User Guide. 1068 // 1069 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 1070 // to register more delegated administrators than allowed for the service 1071 // principal. 1072 // 1073 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 1074 // number of policies of a certain type that can be attached to an entity 1075 // at one time. 1076 // 1077 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 1078 // on this resource. 1079 // 1080 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 1081 // with this member account, you first must associate a valid payment instrument, 1082 // such as a credit card, with the account. Follow the steps at To leave 1083 // an organization when all required account information has not yet been 1084 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1085 // in the AWS Organizations User Guide. 1086 // 1087 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 1088 // policy from an entity that would cause the entity to have fewer than the 1089 // minimum number of policies of a certain type required. 1090 // 1091 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 1092 // that requires the organization to be configured to support all features. 1093 // An organization that supports only consolidated billing features can't 1094 // perform this operation. 1095 // 1096 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 1097 // too many levels deep. 1098 // 1099 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 1100 // that you can have in an organization. 1101 // 1102 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 1103 // is larger than the maximum size. 1104 // 1105 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 1106 // policies that you can have in an organization. 1107 // 1108 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 1109 // tags that are not compliant with the tag policy requirements for this 1110 // account. 1111 // 1112 // * InvalidInputException 1113 // The requested operation failed because you provided invalid values for one 1114 // or more of the request parameters. This exception includes a reason that 1115 // contains additional information about the violated limit: 1116 // 1117 // Some of the reasons in the following list might not be applicable to this 1118 // specific API or operation. 1119 // 1120 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 1121 // the same entity. 1122 // 1123 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 1124 // can't be modified. 1125 // 1126 // * INPUT_REQUIRED: You must include a value for all required parameters. 1127 // 1128 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 1129 // for the invited account owner. 1130 // 1131 // * INVALID_ENUM: You specified an invalid value. 1132 // 1133 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 1134 // 1135 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 1136 // characters. 1137 // 1138 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 1139 // at least one invalid value. 1140 // 1141 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 1142 // from the response to a previous call of the operation. 1143 // 1144 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 1145 // organization, or email) as a party. 1146 // 1147 // * INVALID_PATTERN: You provided a value that doesn't match the required 1148 // pattern. 1149 // 1150 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 1151 // match the required pattern. 1152 // 1153 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 1154 // name can't begin with the reserved prefix AWSServiceRoleFor. 1155 // 1156 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 1157 // Name (ARN) for the organization. 1158 // 1159 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 1160 // 1161 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 1162 // tag. You can’t add, edit, or delete system tag keys because they're 1163 // reserved for AWS use. System tags don’t count against your tags per 1164 // resource limit. 1165 // 1166 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 1167 // for the operation. 1168 // 1169 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 1170 // than allowed. 1171 // 1172 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 1173 // value than allowed. 1174 // 1175 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 1176 // than allowed. 1177 // 1178 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 1179 // value than allowed. 1180 // 1181 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 1182 // between entities in the same root. 1183 // 1184 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 1185 // target entity. 1186 // 1187 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 1188 // isn't recognized. 1189 // 1190 // * FinalizingOrganizationException 1191 // AWS Organizations couldn't perform the operation because your organization 1192 // hasn't finished initializing. This can take up to an hour. Try again later. 1193 // If after one hour you continue to receive this error, contact AWS Support 1194 // (https://console.aws.amazon.com/support/home#/). 1195 // 1196 // * ServiceException 1197 // AWS Organizations can't complete your request because of an internal service 1198 // error. Try again later. 1199 // 1200 // * TooManyRequestsException 1201 // You have sent too many requests in too short a period of time. The quota 1202 // helps protect against denial-of-service attacks. Try again later. 1203 // 1204 // For information about quotas that affect AWS Organizations, see Quotas for 1205 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 1206 // the AWS Organizations User Guide. 1207 // 1208 // * UnsupportedAPIEndpointException 1209 // This action isn't available in the current AWS Region. 1210 // 1211 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount 1212 func (c *Organizations) CreateAccount(input *CreateAccountInput) (*CreateAccountOutput, error) { 1213 req, out := c.CreateAccountRequest(input) 1214 return out, req.Send() 1215 } 1216 1217 // CreateAccountWithContext is the same as CreateAccount with the addition of 1218 // the ability to pass a context and additional request options. 1219 // 1220 // See CreateAccount for details on how to use this API operation. 1221 // 1222 // The context must be non-nil and will be used for request cancellation. If 1223 // the context is nil a panic will occur. In the future the SDK may create 1224 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1225 // for more information on using Contexts. 1226 func (c *Organizations) CreateAccountWithContext(ctx aws.Context, input *CreateAccountInput, opts ...request.Option) (*CreateAccountOutput, error) { 1227 req, out := c.CreateAccountRequest(input) 1228 req.SetContext(ctx) 1229 req.ApplyOptions(opts...) 1230 return out, req.Send() 1231 } 1232 1233 const opCreateGovCloudAccount = "CreateGovCloudAccount" 1234 1235 // CreateGovCloudAccountRequest generates a "aws/request.Request" representing the 1236 // client's request for the CreateGovCloudAccount operation. The "output" return 1237 // value will be populated with the request's response once the request completes 1238 // successfully. 1239 // 1240 // Use "Send" method on the returned Request to send the API call to the service. 1241 // the "output" return value is not valid until after Send returns without error. 1242 // 1243 // See CreateGovCloudAccount for more information on using the CreateGovCloudAccount 1244 // API call, and error handling. 1245 // 1246 // This method is useful when you want to inject custom logic or configuration 1247 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 1248 // 1249 // 1250 // // Example sending a request using the CreateGovCloudAccountRequest method. 1251 // req, resp := client.CreateGovCloudAccountRequest(params) 1252 // 1253 // err := req.Send() 1254 // if err == nil { // resp is now filled 1255 // fmt.Println(resp) 1256 // } 1257 // 1258 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount 1259 func (c *Organizations) CreateGovCloudAccountRequest(input *CreateGovCloudAccountInput) (req *request.Request, output *CreateGovCloudAccountOutput) { 1260 op := &request.Operation{ 1261 Name: opCreateGovCloudAccount, 1262 HTTPMethod: "POST", 1263 HTTPPath: "/", 1264 } 1265 1266 if input == nil { 1267 input = &CreateGovCloudAccountInput{} 1268 } 1269 1270 output = &CreateGovCloudAccountOutput{} 1271 req = c.newRequest(op, input, output) 1272 return 1273 } 1274 1275 // CreateGovCloudAccount API operation for AWS Organizations. 1276 // 1277 // This action is available if all of the following are true: 1278 // 1279 // * You're authorized to create accounts in the AWS GovCloud (US) Region. 1280 // For more information on the AWS GovCloud (US) Region, see the AWS GovCloud 1281 // User Guide. (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html) 1282 // 1283 // * You already have an account in the AWS GovCloud (US) Region that is 1284 // paired with a management account of an organization in the commercial 1285 // Region. 1286 // 1287 // * You call this action from the management account of your organization 1288 // in the commercial Region. 1289 // 1290 // * You have the organizations:CreateGovCloudAccount permission. 1291 // 1292 // AWS Organizations automatically creates the required service-linked role 1293 // named AWSServiceRoleForOrganizations. For more information, see AWS Organizations 1294 // and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs) 1295 // in the AWS Organizations User Guide. 1296 // 1297 // AWS automatically enables AWS CloudTrail for AWS GovCloud (US) accounts, 1298 // but you should also do the following: 1299 // 1300 // * Verify that AWS CloudTrail is enabled to store logs. 1301 // 1302 // * Create an S3 bucket for AWS CloudTrail log storage. For more information, 1303 // see Verifying AWS CloudTrail Is Enabled (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/verifying-cloudtrail.html) 1304 // in the AWS GovCloud User Guide. 1305 // 1306 // If the request includes tags, then the requester must have the organizations:TagResource 1307 // permission. The tags are attached to the commercial account associated with 1308 // the GovCloud account, rather than the GovCloud account itself. To add tags 1309 // to the GovCloud account, call the TagResource operation in the GovCloud Region 1310 // after the new GovCloud account exists. 1311 // 1312 // You call this action from the management account of your organization in 1313 // the commercial Region to create a standalone AWS account in the AWS GovCloud 1314 // (US) Region. After the account is created, the management account of an organization 1315 // in the AWS GovCloud (US) Region can invite it to that organization. For more 1316 // information on inviting standalone accounts in the AWS GovCloud (US) to join 1317 // an organization, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1318 // in the AWS GovCloud User Guide. 1319 // 1320 // Calling CreateGovCloudAccount is an asynchronous request that AWS performs 1321 // in the background. Because CreateGovCloudAccount operates asynchronously, 1322 // it can return a successful completion message even though account initialization 1323 // might still be in progress. You might need to wait a few minutes before you 1324 // can successfully access the account. To check the status of the request, 1325 // do one of the following: 1326 // 1327 // * Use the OperationId response element from this operation to provide 1328 // as a parameter to the DescribeCreateAccountStatus operation. 1329 // 1330 // * Check the AWS CloudTrail log for the CreateAccountResult event. For 1331 // information on using AWS CloudTrail with Organizations, see Monitoring 1332 // the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html) 1333 // in the AWS Organizations User Guide. 1334 // 1335 // When you call the CreateGovCloudAccount action, you create two accounts: 1336 // a standalone account in the AWS GovCloud (US) Region and an associated account 1337 // in the commercial Region for billing and support purposes. The account in 1338 // the commercial Region is automatically a member of the organization whose 1339 // credentials made the request. Both accounts are associated with the same 1340 // email address. 1341 // 1342 // A role is created in the new account in the commercial Region that allows 1343 // the management account in the organization in the commercial Region to assume 1344 // it. An AWS GovCloud (US) account is then created and associated with the 1345 // commercial account that you just created. A role is also created in the new 1346 // AWS GovCloud (US) account that can be assumed by the AWS GovCloud (US) account 1347 // that is associated with the management account of the commercial organization. 1348 // For more information and to view a diagram that explains how account access 1349 // works, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1350 // in the AWS GovCloud User Guide. 1351 // 1352 // For more information about creating accounts, see Creating an AWS Account 1353 // in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html) 1354 // in the AWS Organizations User Guide. 1355 // 1356 // * When you create an account in an organization using the AWS Organizations 1357 // console, API, or CLI commands, the information required for the account 1358 // to operate as a standalone account is not automatically collected. This 1359 // includes a payment method and signing the end user license agreement (EULA). 1360 // If you must remove an account from your organization later, you can do 1361 // so only after you provide the missing information. Follow the steps at 1362 // To leave an organization as a member account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1363 // in the AWS Organizations User Guide. 1364 // 1365 // * If you get an exception that indicates that you exceeded your account 1366 // limits for the organization, contact AWS Support (https://console.aws.amazon.com/support/home#/). 1367 // 1368 // * If you get an exception that indicates that the operation failed because 1369 // your organization is still initializing, wait one hour and then try again. 1370 // If the error persists, contact AWS Support (https://console.aws.amazon.com/support/home#/). 1371 // 1372 // * Using CreateGovCloudAccount to create multiple temporary accounts isn't 1373 // recommended. You can only close an account from the AWS Billing and Cost 1374 // Management console, and you must be signed in as the root user. For information 1375 // on the requirements and process for closing an account, see Closing an 1376 // AWS Account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html) 1377 // in the AWS Organizations User Guide. 1378 // 1379 // When you create a member account with this operation, you can choose whether 1380 // to create the account with the IAM User and Role Access to Billing Information 1381 // switch enabled. If you enable it, IAM users and roles that have appropriate 1382 // permissions can view billing information for the account. If you disable 1383 // it, only the account root user can access billing information. For information 1384 // about how to disable this switch for an account, see Granting Access to Your 1385 // Billing Information and Tools (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html). 1386 // 1387 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1388 // with awserr.Error's Code and Message methods to get detailed information about 1389 // the error. 1390 // 1391 // See the AWS API reference guide for AWS Organizations's 1392 // API operation CreateGovCloudAccount for usage and error information. 1393 // 1394 // Returned Error Types: 1395 // * AccessDeniedException 1396 // You don't have permissions to perform the requested operation. The user or 1397 // role that is making the request must have at least one IAM permissions policy 1398 // attached that grants the required permissions. For more information, see 1399 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 1400 // in the IAM User Guide. 1401 // 1402 // * AWSOrganizationsNotInUseException 1403 // Your account isn't a member of an organization. To make this request, you 1404 // must use the credentials of an account that belongs to an organization. 1405 // 1406 // * ConcurrentModificationException 1407 // The target of the operation is currently being modified by a different request. 1408 // Try again later. 1409 // 1410 // * ConstraintViolationException 1411 // Performing this operation violates a minimum or maximum value limit. For 1412 // example, attempting to remove the last service control policy (SCP) from 1413 // an OU or root, inviting or creating too many accounts to the organization, 1414 // or attaching too many policies to an account, OU, or root. This exception 1415 // includes a reason that contains additional information about the violated 1416 // limit: 1417 // 1418 // Some of the reasons in the following list might not be applicable to this 1419 // specific API or operation. 1420 // 1421 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 1422 // account from the organization. You can't remove the management account. 1423 // Instead, after you remove all member accounts, delete the organization 1424 // itself. 1425 // 1426 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 1427 // from the organization that doesn't yet have enough information to exist 1428 // as a standalone account. This account requires you to first agree to the 1429 // AWS Customer Agreement. Follow the steps at Removing a member account 1430 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 1431 // the AWS Organizations User Guide. 1432 // 1433 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 1434 // an account from the organization that doesn't yet have enough information 1435 // to exist as a standalone account. This account requires you to first complete 1436 // phone verification. Follow the steps at Removing a member account from 1437 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 1438 // in the AWS Organizations User Guide. 1439 // 1440 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 1441 // of accounts that you can create in one day. 1442 // 1443 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 1444 // the number of accounts in an organization. If you need more accounts, 1445 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 1446 // request an increase in your limit. Or the number of invitations that you 1447 // tried to send would cause you to exceed the limit of accounts in your 1448 // organization. Send fewer invitations or contact AWS Support to request 1449 // an increase in the number of accounts. Deleted and closed accounts still 1450 // count toward your limit. If you get this exception when running a command 1451 // immediately after creating the organization, wait one hour and try again. 1452 // After an hour, if the command continues to fail with this error, contact 1453 // AWS Support (https://console.aws.amazon.com/support/home#/). 1454 // 1455 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 1456 // register the management account of the organization as a delegated administrator 1457 // for an AWS service integrated with Organizations. You can designate only 1458 // a member account as a delegated administrator. 1459 // 1460 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 1461 // an account that is registered as a delegated administrator for a service 1462 // integrated with your organization. To complete this operation, you must 1463 // first deregister this account as a delegated administrator. 1464 // 1465 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 1466 // organization in the specified region, you must enable all features mode. 1467 // 1468 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 1469 // an AWS account as a delegated administrator for an AWS service that already 1470 // has a delegated administrator. To complete this operation, you must first 1471 // deregister any existing delegated administrators for this service. 1472 // 1473 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 1474 // valid for a limited period of time. You must resubmit the request and 1475 // generate a new verfication code. 1476 // 1477 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 1478 // handshakes that you can send in one day. 1479 // 1480 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 1481 // in this organization, you first must migrate the organization's management 1482 // account to the marketplace that corresponds to the management account's 1483 // address. For example, accounts with India addresses must be associated 1484 // with the AISPL marketplace. All accounts in an organization must be associated 1485 // with the same marketplace. 1486 // 1487 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 1488 // in China. To create an organization, the master must have a valid business 1489 // license. For more information, contact customer support. 1490 // 1491 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 1492 // must first provide a valid contact address and phone number for the management 1493 // account. Then try the operation again. 1494 // 1495 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 1496 // management account must have an associated account in the AWS GovCloud 1497 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1498 // in the AWS GovCloud User Guide. 1499 // 1500 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 1501 // with this management account, you first must associate a valid payment 1502 // instrument, such as a credit card, with the account. Follow the steps 1503 // at To leave an organization when all required account information has 1504 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1505 // in the AWS Organizations User Guide. 1506 // 1507 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 1508 // to register more delegated administrators than allowed for the service 1509 // principal. 1510 // 1511 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 1512 // number of policies of a certain type that can be attached to an entity 1513 // at one time. 1514 // 1515 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 1516 // on this resource. 1517 // 1518 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 1519 // with this member account, you first must associate a valid payment instrument, 1520 // such as a credit card, with the account. Follow the steps at To leave 1521 // an organization when all required account information has not yet been 1522 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1523 // in the AWS Organizations User Guide. 1524 // 1525 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 1526 // policy from an entity that would cause the entity to have fewer than the 1527 // minimum number of policies of a certain type required. 1528 // 1529 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 1530 // that requires the organization to be configured to support all features. 1531 // An organization that supports only consolidated billing features can't 1532 // perform this operation. 1533 // 1534 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 1535 // too many levels deep. 1536 // 1537 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 1538 // that you can have in an organization. 1539 // 1540 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 1541 // is larger than the maximum size. 1542 // 1543 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 1544 // policies that you can have in an organization. 1545 // 1546 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 1547 // tags that are not compliant with the tag policy requirements for this 1548 // account. 1549 // 1550 // * InvalidInputException 1551 // The requested operation failed because you provided invalid values for one 1552 // or more of the request parameters. This exception includes a reason that 1553 // contains additional information about the violated limit: 1554 // 1555 // Some of the reasons in the following list might not be applicable to this 1556 // specific API or operation. 1557 // 1558 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 1559 // the same entity. 1560 // 1561 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 1562 // can't be modified. 1563 // 1564 // * INPUT_REQUIRED: You must include a value for all required parameters. 1565 // 1566 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 1567 // for the invited account owner. 1568 // 1569 // * INVALID_ENUM: You specified an invalid value. 1570 // 1571 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 1572 // 1573 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 1574 // characters. 1575 // 1576 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 1577 // at least one invalid value. 1578 // 1579 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 1580 // from the response to a previous call of the operation. 1581 // 1582 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 1583 // organization, or email) as a party. 1584 // 1585 // * INVALID_PATTERN: You provided a value that doesn't match the required 1586 // pattern. 1587 // 1588 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 1589 // match the required pattern. 1590 // 1591 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 1592 // name can't begin with the reserved prefix AWSServiceRoleFor. 1593 // 1594 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 1595 // Name (ARN) for the organization. 1596 // 1597 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 1598 // 1599 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 1600 // tag. You can’t add, edit, or delete system tag keys because they're 1601 // reserved for AWS use. System tags don’t count against your tags per 1602 // resource limit. 1603 // 1604 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 1605 // for the operation. 1606 // 1607 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 1608 // than allowed. 1609 // 1610 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 1611 // value than allowed. 1612 // 1613 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 1614 // than allowed. 1615 // 1616 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 1617 // value than allowed. 1618 // 1619 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 1620 // between entities in the same root. 1621 // 1622 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 1623 // target entity. 1624 // 1625 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 1626 // isn't recognized. 1627 // 1628 // * FinalizingOrganizationException 1629 // AWS Organizations couldn't perform the operation because your organization 1630 // hasn't finished initializing. This can take up to an hour. Try again later. 1631 // If after one hour you continue to receive this error, contact AWS Support 1632 // (https://console.aws.amazon.com/support/home#/). 1633 // 1634 // * ServiceException 1635 // AWS Organizations can't complete your request because of an internal service 1636 // error. Try again later. 1637 // 1638 // * TooManyRequestsException 1639 // You have sent too many requests in too short a period of time. The quota 1640 // helps protect against denial-of-service attacks. Try again later. 1641 // 1642 // For information about quotas that affect AWS Organizations, see Quotas for 1643 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 1644 // the AWS Organizations User Guide. 1645 // 1646 // * UnsupportedAPIEndpointException 1647 // This action isn't available in the current AWS Region. 1648 // 1649 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount 1650 func (c *Organizations) CreateGovCloudAccount(input *CreateGovCloudAccountInput) (*CreateGovCloudAccountOutput, error) { 1651 req, out := c.CreateGovCloudAccountRequest(input) 1652 return out, req.Send() 1653 } 1654 1655 // CreateGovCloudAccountWithContext is the same as CreateGovCloudAccount with the addition of 1656 // the ability to pass a context and additional request options. 1657 // 1658 // See CreateGovCloudAccount for details on how to use this API operation. 1659 // 1660 // The context must be non-nil and will be used for request cancellation. If 1661 // the context is nil a panic will occur. In the future the SDK may create 1662 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1663 // for more information on using Contexts. 1664 func (c *Organizations) CreateGovCloudAccountWithContext(ctx aws.Context, input *CreateGovCloudAccountInput, opts ...request.Option) (*CreateGovCloudAccountOutput, error) { 1665 req, out := c.CreateGovCloudAccountRequest(input) 1666 req.SetContext(ctx) 1667 req.ApplyOptions(opts...) 1668 return out, req.Send() 1669 } 1670 1671 const opCreateOrganization = "CreateOrganization" 1672 1673 // CreateOrganizationRequest generates a "aws/request.Request" representing the 1674 // client's request for the CreateOrganization operation. The "output" return 1675 // value will be populated with the request's response once the request completes 1676 // successfully. 1677 // 1678 // Use "Send" method on the returned Request to send the API call to the service. 1679 // the "output" return value is not valid until after Send returns without error. 1680 // 1681 // See CreateOrganization for more information on using the CreateOrganization 1682 // API call, and error handling. 1683 // 1684 // This method is useful when you want to inject custom logic or configuration 1685 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 1686 // 1687 // 1688 // // Example sending a request using the CreateOrganizationRequest method. 1689 // req, resp := client.CreateOrganizationRequest(params) 1690 // 1691 // err := req.Send() 1692 // if err == nil { // resp is now filled 1693 // fmt.Println(resp) 1694 // } 1695 // 1696 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization 1697 func (c *Organizations) CreateOrganizationRequest(input *CreateOrganizationInput) (req *request.Request, output *CreateOrganizationOutput) { 1698 op := &request.Operation{ 1699 Name: opCreateOrganization, 1700 HTTPMethod: "POST", 1701 HTTPPath: "/", 1702 } 1703 1704 if input == nil { 1705 input = &CreateOrganizationInput{} 1706 } 1707 1708 output = &CreateOrganizationOutput{} 1709 req = c.newRequest(op, input, output) 1710 return 1711 } 1712 1713 // CreateOrganization API operation for AWS Organizations. 1714 // 1715 // Creates an AWS organization. The account whose user is calling the CreateOrganization 1716 // operation automatically becomes the management account (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#account) 1717 // of the new organization. 1718 // 1719 // This operation must be called using credentials from the account that is 1720 // to become the new organization's management account. The principal must also 1721 // have the relevant IAM permissions. 1722 // 1723 // By default (or if you set the FeatureSet parameter to ALL), the new organization 1724 // is created with all features enabled and service control policies automatically 1725 // enabled in the root. If you instead choose to create the organization supporting 1726 // only the consolidated billing features by setting the FeatureSet parameter 1727 // to CONSOLIDATED_BILLING", no policy types are enabled by default, and you 1728 // can't use organization policies 1729 // 1730 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1731 // with awserr.Error's Code and Message methods to get detailed information about 1732 // the error. 1733 // 1734 // See the AWS API reference guide for AWS Organizations's 1735 // API operation CreateOrganization for usage and error information. 1736 // 1737 // Returned Error Types: 1738 // * AccessDeniedException 1739 // You don't have permissions to perform the requested operation. The user or 1740 // role that is making the request must have at least one IAM permissions policy 1741 // attached that grants the required permissions. For more information, see 1742 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 1743 // in the IAM User Guide. 1744 // 1745 // * AlreadyInOrganizationException 1746 // This account is already a member of an organization. An account can belong 1747 // to only one organization at a time. 1748 // 1749 // * ConcurrentModificationException 1750 // The target of the operation is currently being modified by a different request. 1751 // Try again later. 1752 // 1753 // * ConstraintViolationException 1754 // Performing this operation violates a minimum or maximum value limit. For 1755 // example, attempting to remove the last service control policy (SCP) from 1756 // an OU or root, inviting or creating too many accounts to the organization, 1757 // or attaching too many policies to an account, OU, or root. This exception 1758 // includes a reason that contains additional information about the violated 1759 // limit: 1760 // 1761 // Some of the reasons in the following list might not be applicable to this 1762 // specific API or operation. 1763 // 1764 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 1765 // account from the organization. You can't remove the management account. 1766 // Instead, after you remove all member accounts, delete the organization 1767 // itself. 1768 // 1769 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 1770 // from the organization that doesn't yet have enough information to exist 1771 // as a standalone account. This account requires you to first agree to the 1772 // AWS Customer Agreement. Follow the steps at Removing a member account 1773 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 1774 // the AWS Organizations User Guide. 1775 // 1776 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 1777 // an account from the organization that doesn't yet have enough information 1778 // to exist as a standalone account. This account requires you to first complete 1779 // phone verification. Follow the steps at Removing a member account from 1780 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 1781 // in the AWS Organizations User Guide. 1782 // 1783 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 1784 // of accounts that you can create in one day. 1785 // 1786 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 1787 // the number of accounts in an organization. If you need more accounts, 1788 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 1789 // request an increase in your limit. Or the number of invitations that you 1790 // tried to send would cause you to exceed the limit of accounts in your 1791 // organization. Send fewer invitations or contact AWS Support to request 1792 // an increase in the number of accounts. Deleted and closed accounts still 1793 // count toward your limit. If you get this exception when running a command 1794 // immediately after creating the organization, wait one hour and try again. 1795 // After an hour, if the command continues to fail with this error, contact 1796 // AWS Support (https://console.aws.amazon.com/support/home#/). 1797 // 1798 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 1799 // register the management account of the organization as a delegated administrator 1800 // for an AWS service integrated with Organizations. You can designate only 1801 // a member account as a delegated administrator. 1802 // 1803 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 1804 // an account that is registered as a delegated administrator for a service 1805 // integrated with your organization. To complete this operation, you must 1806 // first deregister this account as a delegated administrator. 1807 // 1808 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 1809 // organization in the specified region, you must enable all features mode. 1810 // 1811 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 1812 // an AWS account as a delegated administrator for an AWS service that already 1813 // has a delegated administrator. To complete this operation, you must first 1814 // deregister any existing delegated administrators for this service. 1815 // 1816 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 1817 // valid for a limited period of time. You must resubmit the request and 1818 // generate a new verfication code. 1819 // 1820 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 1821 // handshakes that you can send in one day. 1822 // 1823 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 1824 // in this organization, you first must migrate the organization's management 1825 // account to the marketplace that corresponds to the management account's 1826 // address. For example, accounts with India addresses must be associated 1827 // with the AISPL marketplace. All accounts in an organization must be associated 1828 // with the same marketplace. 1829 // 1830 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 1831 // in China. To create an organization, the master must have a valid business 1832 // license. For more information, contact customer support. 1833 // 1834 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 1835 // must first provide a valid contact address and phone number for the management 1836 // account. Then try the operation again. 1837 // 1838 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 1839 // management account must have an associated account in the AWS GovCloud 1840 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 1841 // in the AWS GovCloud User Guide. 1842 // 1843 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 1844 // with this management account, you first must associate a valid payment 1845 // instrument, such as a credit card, with the account. Follow the steps 1846 // at To leave an organization when all required account information has 1847 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1848 // in the AWS Organizations User Guide. 1849 // 1850 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 1851 // to register more delegated administrators than allowed for the service 1852 // principal. 1853 // 1854 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 1855 // number of policies of a certain type that can be attached to an entity 1856 // at one time. 1857 // 1858 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 1859 // on this resource. 1860 // 1861 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 1862 // with this member account, you first must associate a valid payment instrument, 1863 // such as a credit card, with the account. Follow the steps at To leave 1864 // an organization when all required account information has not yet been 1865 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 1866 // in the AWS Organizations User Guide. 1867 // 1868 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 1869 // policy from an entity that would cause the entity to have fewer than the 1870 // minimum number of policies of a certain type required. 1871 // 1872 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 1873 // that requires the organization to be configured to support all features. 1874 // An organization that supports only consolidated billing features can't 1875 // perform this operation. 1876 // 1877 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 1878 // too many levels deep. 1879 // 1880 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 1881 // that you can have in an organization. 1882 // 1883 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 1884 // is larger than the maximum size. 1885 // 1886 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 1887 // policies that you can have in an organization. 1888 // 1889 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 1890 // tags that are not compliant with the tag policy requirements for this 1891 // account. 1892 // 1893 // * InvalidInputException 1894 // The requested operation failed because you provided invalid values for one 1895 // or more of the request parameters. This exception includes a reason that 1896 // contains additional information about the violated limit: 1897 // 1898 // Some of the reasons in the following list might not be applicable to this 1899 // specific API or operation. 1900 // 1901 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 1902 // the same entity. 1903 // 1904 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 1905 // can't be modified. 1906 // 1907 // * INPUT_REQUIRED: You must include a value for all required parameters. 1908 // 1909 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 1910 // for the invited account owner. 1911 // 1912 // * INVALID_ENUM: You specified an invalid value. 1913 // 1914 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 1915 // 1916 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 1917 // characters. 1918 // 1919 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 1920 // at least one invalid value. 1921 // 1922 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 1923 // from the response to a previous call of the operation. 1924 // 1925 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 1926 // organization, or email) as a party. 1927 // 1928 // * INVALID_PATTERN: You provided a value that doesn't match the required 1929 // pattern. 1930 // 1931 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 1932 // match the required pattern. 1933 // 1934 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 1935 // name can't begin with the reserved prefix AWSServiceRoleFor. 1936 // 1937 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 1938 // Name (ARN) for the organization. 1939 // 1940 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 1941 // 1942 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 1943 // tag. You can’t add, edit, or delete system tag keys because they're 1944 // reserved for AWS use. System tags don’t count against your tags per 1945 // resource limit. 1946 // 1947 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 1948 // for the operation. 1949 // 1950 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 1951 // than allowed. 1952 // 1953 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 1954 // value than allowed. 1955 // 1956 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 1957 // than allowed. 1958 // 1959 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 1960 // value than allowed. 1961 // 1962 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 1963 // between entities in the same root. 1964 // 1965 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 1966 // target entity. 1967 // 1968 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 1969 // isn't recognized. 1970 // 1971 // * ServiceException 1972 // AWS Organizations can't complete your request because of an internal service 1973 // error. Try again later. 1974 // 1975 // * TooManyRequestsException 1976 // You have sent too many requests in too short a period of time. The quota 1977 // helps protect against denial-of-service attacks. Try again later. 1978 // 1979 // For information about quotas that affect AWS Organizations, see Quotas for 1980 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 1981 // the AWS Organizations User Guide. 1982 // 1983 // * AccessDeniedForDependencyException 1984 // The operation that you attempted requires you to have the iam:CreateServiceLinkedRole 1985 // for organizations.amazonaws.com permission so that AWS Organizations can 1986 // create the required service-linked role. You don't have that permission. 1987 // 1988 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization 1989 func (c *Organizations) CreateOrganization(input *CreateOrganizationInput) (*CreateOrganizationOutput, error) { 1990 req, out := c.CreateOrganizationRequest(input) 1991 return out, req.Send() 1992 } 1993 1994 // CreateOrganizationWithContext is the same as CreateOrganization with the addition of 1995 // the ability to pass a context and additional request options. 1996 // 1997 // See CreateOrganization for details on how to use this API operation. 1998 // 1999 // The context must be non-nil and will be used for request cancellation. If 2000 // the context is nil a panic will occur. In the future the SDK may create 2001 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2002 // for more information on using Contexts. 2003 func (c *Organizations) CreateOrganizationWithContext(ctx aws.Context, input *CreateOrganizationInput, opts ...request.Option) (*CreateOrganizationOutput, error) { 2004 req, out := c.CreateOrganizationRequest(input) 2005 req.SetContext(ctx) 2006 req.ApplyOptions(opts...) 2007 return out, req.Send() 2008 } 2009 2010 const opCreateOrganizationalUnit = "CreateOrganizationalUnit" 2011 2012 // CreateOrganizationalUnitRequest generates a "aws/request.Request" representing the 2013 // client's request for the CreateOrganizationalUnit operation. The "output" return 2014 // value will be populated with the request's response once the request completes 2015 // successfully. 2016 // 2017 // Use "Send" method on the returned Request to send the API call to the service. 2018 // the "output" return value is not valid until after Send returns without error. 2019 // 2020 // See CreateOrganizationalUnit for more information on using the CreateOrganizationalUnit 2021 // API call, and error handling. 2022 // 2023 // This method is useful when you want to inject custom logic or configuration 2024 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 2025 // 2026 // 2027 // // Example sending a request using the CreateOrganizationalUnitRequest method. 2028 // req, resp := client.CreateOrganizationalUnitRequest(params) 2029 // 2030 // err := req.Send() 2031 // if err == nil { // resp is now filled 2032 // fmt.Println(resp) 2033 // } 2034 // 2035 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit 2036 func (c *Organizations) CreateOrganizationalUnitRequest(input *CreateOrganizationalUnitInput) (req *request.Request, output *CreateOrganizationalUnitOutput) { 2037 op := &request.Operation{ 2038 Name: opCreateOrganizationalUnit, 2039 HTTPMethod: "POST", 2040 HTTPPath: "/", 2041 } 2042 2043 if input == nil { 2044 input = &CreateOrganizationalUnitInput{} 2045 } 2046 2047 output = &CreateOrganizationalUnitOutput{} 2048 req = c.newRequest(op, input, output) 2049 return 2050 } 2051 2052 // CreateOrganizationalUnit API operation for AWS Organizations. 2053 // 2054 // Creates an organizational unit (OU) within a root or parent OU. An OU is 2055 // a container for accounts that enables you to organize your accounts to apply 2056 // policies according to your business requirements. The number of levels deep 2057 // that you can nest OUs is dependent upon the policy types enabled for that 2058 // root. For service control policies, the limit is five. 2059 // 2060 // For more information about OUs, see Managing Organizational Units (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html) 2061 // in the AWS Organizations User Guide. 2062 // 2063 // If the request includes tags, then the requester must have the organizations:TagResource 2064 // permission. 2065 // 2066 // This operation can be called only from the organization's management account. 2067 // 2068 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2069 // with awserr.Error's Code and Message methods to get detailed information about 2070 // the error. 2071 // 2072 // See the AWS API reference guide for AWS Organizations's 2073 // API operation CreateOrganizationalUnit for usage and error information. 2074 // 2075 // Returned Error Types: 2076 // * AccessDeniedException 2077 // You don't have permissions to perform the requested operation. The user or 2078 // role that is making the request must have at least one IAM permissions policy 2079 // attached that grants the required permissions. For more information, see 2080 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 2081 // in the IAM User Guide. 2082 // 2083 // * AWSOrganizationsNotInUseException 2084 // Your account isn't a member of an organization. To make this request, you 2085 // must use the credentials of an account that belongs to an organization. 2086 // 2087 // * ConcurrentModificationException 2088 // The target of the operation is currently being modified by a different request. 2089 // Try again later. 2090 // 2091 // * ConstraintViolationException 2092 // Performing this operation violates a minimum or maximum value limit. For 2093 // example, attempting to remove the last service control policy (SCP) from 2094 // an OU or root, inviting or creating too many accounts to the organization, 2095 // or attaching too many policies to an account, OU, or root. This exception 2096 // includes a reason that contains additional information about the violated 2097 // limit: 2098 // 2099 // Some of the reasons in the following list might not be applicable to this 2100 // specific API or operation. 2101 // 2102 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 2103 // account from the organization. You can't remove the management account. 2104 // Instead, after you remove all member accounts, delete the organization 2105 // itself. 2106 // 2107 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 2108 // from the organization that doesn't yet have enough information to exist 2109 // as a standalone account. This account requires you to first agree to the 2110 // AWS Customer Agreement. Follow the steps at Removing a member account 2111 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 2112 // the AWS Organizations User Guide. 2113 // 2114 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 2115 // an account from the organization that doesn't yet have enough information 2116 // to exist as a standalone account. This account requires you to first complete 2117 // phone verification. Follow the steps at Removing a member account from 2118 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 2119 // in the AWS Organizations User Guide. 2120 // 2121 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 2122 // of accounts that you can create in one day. 2123 // 2124 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 2125 // the number of accounts in an organization. If you need more accounts, 2126 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 2127 // request an increase in your limit. Or the number of invitations that you 2128 // tried to send would cause you to exceed the limit of accounts in your 2129 // organization. Send fewer invitations or contact AWS Support to request 2130 // an increase in the number of accounts. Deleted and closed accounts still 2131 // count toward your limit. If you get this exception when running a command 2132 // immediately after creating the organization, wait one hour and try again. 2133 // After an hour, if the command continues to fail with this error, contact 2134 // AWS Support (https://console.aws.amazon.com/support/home#/). 2135 // 2136 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 2137 // register the management account of the organization as a delegated administrator 2138 // for an AWS service integrated with Organizations. You can designate only 2139 // a member account as a delegated administrator. 2140 // 2141 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 2142 // an account that is registered as a delegated administrator for a service 2143 // integrated with your organization. To complete this operation, you must 2144 // first deregister this account as a delegated administrator. 2145 // 2146 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 2147 // organization in the specified region, you must enable all features mode. 2148 // 2149 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 2150 // an AWS account as a delegated administrator for an AWS service that already 2151 // has a delegated administrator. To complete this operation, you must first 2152 // deregister any existing delegated administrators for this service. 2153 // 2154 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 2155 // valid for a limited period of time. You must resubmit the request and 2156 // generate a new verfication code. 2157 // 2158 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 2159 // handshakes that you can send in one day. 2160 // 2161 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 2162 // in this organization, you first must migrate the organization's management 2163 // account to the marketplace that corresponds to the management account's 2164 // address. For example, accounts with India addresses must be associated 2165 // with the AISPL marketplace. All accounts in an organization must be associated 2166 // with the same marketplace. 2167 // 2168 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 2169 // in China. To create an organization, the master must have a valid business 2170 // license. For more information, contact customer support. 2171 // 2172 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 2173 // must first provide a valid contact address and phone number for the management 2174 // account. Then try the operation again. 2175 // 2176 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 2177 // management account must have an associated account in the AWS GovCloud 2178 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 2179 // in the AWS GovCloud User Guide. 2180 // 2181 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 2182 // with this management account, you first must associate a valid payment 2183 // instrument, such as a credit card, with the account. Follow the steps 2184 // at To leave an organization when all required account information has 2185 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 2186 // in the AWS Organizations User Guide. 2187 // 2188 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 2189 // to register more delegated administrators than allowed for the service 2190 // principal. 2191 // 2192 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 2193 // number of policies of a certain type that can be attached to an entity 2194 // at one time. 2195 // 2196 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 2197 // on this resource. 2198 // 2199 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 2200 // with this member account, you first must associate a valid payment instrument, 2201 // such as a credit card, with the account. Follow the steps at To leave 2202 // an organization when all required account information has not yet been 2203 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 2204 // in the AWS Organizations User Guide. 2205 // 2206 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 2207 // policy from an entity that would cause the entity to have fewer than the 2208 // minimum number of policies of a certain type required. 2209 // 2210 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 2211 // that requires the organization to be configured to support all features. 2212 // An organization that supports only consolidated billing features can't 2213 // perform this operation. 2214 // 2215 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 2216 // too many levels deep. 2217 // 2218 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 2219 // that you can have in an organization. 2220 // 2221 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 2222 // is larger than the maximum size. 2223 // 2224 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 2225 // policies that you can have in an organization. 2226 // 2227 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 2228 // tags that are not compliant with the tag policy requirements for this 2229 // account. 2230 // 2231 // * DuplicateOrganizationalUnitException 2232 // An OU with the same name already exists. 2233 // 2234 // * InvalidInputException 2235 // The requested operation failed because you provided invalid values for one 2236 // or more of the request parameters. This exception includes a reason that 2237 // contains additional information about the violated limit: 2238 // 2239 // Some of the reasons in the following list might not be applicable to this 2240 // specific API or operation. 2241 // 2242 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 2243 // the same entity. 2244 // 2245 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2246 // can't be modified. 2247 // 2248 // * INPUT_REQUIRED: You must include a value for all required parameters. 2249 // 2250 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 2251 // for the invited account owner. 2252 // 2253 // * INVALID_ENUM: You specified an invalid value. 2254 // 2255 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 2256 // 2257 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 2258 // characters. 2259 // 2260 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 2261 // at least one invalid value. 2262 // 2263 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 2264 // from the response to a previous call of the operation. 2265 // 2266 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 2267 // organization, or email) as a party. 2268 // 2269 // * INVALID_PATTERN: You provided a value that doesn't match the required 2270 // pattern. 2271 // 2272 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 2273 // match the required pattern. 2274 // 2275 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 2276 // name can't begin with the reserved prefix AWSServiceRoleFor. 2277 // 2278 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 2279 // Name (ARN) for the organization. 2280 // 2281 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 2282 // 2283 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 2284 // tag. You can’t add, edit, or delete system tag keys because they're 2285 // reserved for AWS use. System tags don’t count against your tags per 2286 // resource limit. 2287 // 2288 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 2289 // for the operation. 2290 // 2291 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 2292 // than allowed. 2293 // 2294 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 2295 // value than allowed. 2296 // 2297 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 2298 // than allowed. 2299 // 2300 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 2301 // value than allowed. 2302 // 2303 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 2304 // between entities in the same root. 2305 // 2306 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 2307 // target entity. 2308 // 2309 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 2310 // isn't recognized. 2311 // 2312 // * ParentNotFoundException 2313 // We can't find a root or OU with the ParentId that you specified. 2314 // 2315 // * ServiceException 2316 // AWS Organizations can't complete your request because of an internal service 2317 // error. Try again later. 2318 // 2319 // * TooManyRequestsException 2320 // You have sent too many requests in too short a period of time. The quota 2321 // helps protect against denial-of-service attacks. Try again later. 2322 // 2323 // For information about quotas that affect AWS Organizations, see Quotas for 2324 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 2325 // the AWS Organizations User Guide. 2326 // 2327 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit 2328 func (c *Organizations) CreateOrganizationalUnit(input *CreateOrganizationalUnitInput) (*CreateOrganizationalUnitOutput, error) { 2329 req, out := c.CreateOrganizationalUnitRequest(input) 2330 return out, req.Send() 2331 } 2332 2333 // CreateOrganizationalUnitWithContext is the same as CreateOrganizationalUnit with the addition of 2334 // the ability to pass a context and additional request options. 2335 // 2336 // See CreateOrganizationalUnit for details on how to use this API operation. 2337 // 2338 // The context must be non-nil and will be used for request cancellation. If 2339 // the context is nil a panic will occur. In the future the SDK may create 2340 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2341 // for more information on using Contexts. 2342 func (c *Organizations) CreateOrganizationalUnitWithContext(ctx aws.Context, input *CreateOrganizationalUnitInput, opts ...request.Option) (*CreateOrganizationalUnitOutput, error) { 2343 req, out := c.CreateOrganizationalUnitRequest(input) 2344 req.SetContext(ctx) 2345 req.ApplyOptions(opts...) 2346 return out, req.Send() 2347 } 2348 2349 const opCreatePolicy = "CreatePolicy" 2350 2351 // CreatePolicyRequest generates a "aws/request.Request" representing the 2352 // client's request for the CreatePolicy operation. The "output" return 2353 // value will be populated with the request's response once the request completes 2354 // successfully. 2355 // 2356 // Use "Send" method on the returned Request to send the API call to the service. 2357 // the "output" return value is not valid until after Send returns without error. 2358 // 2359 // See CreatePolicy for more information on using the CreatePolicy 2360 // API call, and error handling. 2361 // 2362 // This method is useful when you want to inject custom logic or configuration 2363 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 2364 // 2365 // 2366 // // Example sending a request using the CreatePolicyRequest method. 2367 // req, resp := client.CreatePolicyRequest(params) 2368 // 2369 // err := req.Send() 2370 // if err == nil { // resp is now filled 2371 // fmt.Println(resp) 2372 // } 2373 // 2374 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy 2375 func (c *Organizations) CreatePolicyRequest(input *CreatePolicyInput) (req *request.Request, output *CreatePolicyOutput) { 2376 op := &request.Operation{ 2377 Name: opCreatePolicy, 2378 HTTPMethod: "POST", 2379 HTTPPath: "/", 2380 } 2381 2382 if input == nil { 2383 input = &CreatePolicyInput{} 2384 } 2385 2386 output = &CreatePolicyOutput{} 2387 req = c.newRequest(op, input, output) 2388 return 2389 } 2390 2391 // CreatePolicy API operation for AWS Organizations. 2392 // 2393 // Creates a policy of a specified type that you can attach to a root, an organizational 2394 // unit (OU), or an individual AWS account. 2395 // 2396 // For more information about policies and their use, see Managing Organization 2397 // Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html). 2398 // 2399 // If the request includes tags, then the requester must have the organizations:TagResource 2400 // permission. 2401 // 2402 // This operation can be called only from the organization's management account. 2403 // 2404 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2405 // with awserr.Error's Code and Message methods to get detailed information about 2406 // the error. 2407 // 2408 // See the AWS API reference guide for AWS Organizations's 2409 // API operation CreatePolicy for usage and error information. 2410 // 2411 // Returned Error Types: 2412 // * AccessDeniedException 2413 // You don't have permissions to perform the requested operation. The user or 2414 // role that is making the request must have at least one IAM permissions policy 2415 // attached that grants the required permissions. For more information, see 2416 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 2417 // in the IAM User Guide. 2418 // 2419 // * AWSOrganizationsNotInUseException 2420 // Your account isn't a member of an organization. To make this request, you 2421 // must use the credentials of an account that belongs to an organization. 2422 // 2423 // * ConcurrentModificationException 2424 // The target of the operation is currently being modified by a different request. 2425 // Try again later. 2426 // 2427 // * ConstraintViolationException 2428 // Performing this operation violates a minimum or maximum value limit. For 2429 // example, attempting to remove the last service control policy (SCP) from 2430 // an OU or root, inviting or creating too many accounts to the organization, 2431 // or attaching too many policies to an account, OU, or root. This exception 2432 // includes a reason that contains additional information about the violated 2433 // limit: 2434 // 2435 // Some of the reasons in the following list might not be applicable to this 2436 // specific API or operation. 2437 // 2438 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 2439 // account from the organization. You can't remove the management account. 2440 // Instead, after you remove all member accounts, delete the organization 2441 // itself. 2442 // 2443 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 2444 // from the organization that doesn't yet have enough information to exist 2445 // as a standalone account. This account requires you to first agree to the 2446 // AWS Customer Agreement. Follow the steps at Removing a member account 2447 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 2448 // the AWS Organizations User Guide. 2449 // 2450 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 2451 // an account from the organization that doesn't yet have enough information 2452 // to exist as a standalone account. This account requires you to first complete 2453 // phone verification. Follow the steps at Removing a member account from 2454 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 2455 // in the AWS Organizations User Guide. 2456 // 2457 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 2458 // of accounts that you can create in one day. 2459 // 2460 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 2461 // the number of accounts in an organization. If you need more accounts, 2462 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 2463 // request an increase in your limit. Or the number of invitations that you 2464 // tried to send would cause you to exceed the limit of accounts in your 2465 // organization. Send fewer invitations or contact AWS Support to request 2466 // an increase in the number of accounts. Deleted and closed accounts still 2467 // count toward your limit. If you get this exception when running a command 2468 // immediately after creating the organization, wait one hour and try again. 2469 // After an hour, if the command continues to fail with this error, contact 2470 // AWS Support (https://console.aws.amazon.com/support/home#/). 2471 // 2472 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 2473 // register the management account of the organization as a delegated administrator 2474 // for an AWS service integrated with Organizations. You can designate only 2475 // a member account as a delegated administrator. 2476 // 2477 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 2478 // an account that is registered as a delegated administrator for a service 2479 // integrated with your organization. To complete this operation, you must 2480 // first deregister this account as a delegated administrator. 2481 // 2482 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 2483 // organization in the specified region, you must enable all features mode. 2484 // 2485 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 2486 // an AWS account as a delegated administrator for an AWS service that already 2487 // has a delegated administrator. To complete this operation, you must first 2488 // deregister any existing delegated administrators for this service. 2489 // 2490 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 2491 // valid for a limited period of time. You must resubmit the request and 2492 // generate a new verfication code. 2493 // 2494 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 2495 // handshakes that you can send in one day. 2496 // 2497 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 2498 // in this organization, you first must migrate the organization's management 2499 // account to the marketplace that corresponds to the management account's 2500 // address. For example, accounts with India addresses must be associated 2501 // with the AISPL marketplace. All accounts in an organization must be associated 2502 // with the same marketplace. 2503 // 2504 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 2505 // in China. To create an organization, the master must have a valid business 2506 // license. For more information, contact customer support. 2507 // 2508 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 2509 // must first provide a valid contact address and phone number for the management 2510 // account. Then try the operation again. 2511 // 2512 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 2513 // management account must have an associated account in the AWS GovCloud 2514 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 2515 // in the AWS GovCloud User Guide. 2516 // 2517 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 2518 // with this management account, you first must associate a valid payment 2519 // instrument, such as a credit card, with the account. Follow the steps 2520 // at To leave an organization when all required account information has 2521 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 2522 // in the AWS Organizations User Guide. 2523 // 2524 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 2525 // to register more delegated administrators than allowed for the service 2526 // principal. 2527 // 2528 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 2529 // number of policies of a certain type that can be attached to an entity 2530 // at one time. 2531 // 2532 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 2533 // on this resource. 2534 // 2535 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 2536 // with this member account, you first must associate a valid payment instrument, 2537 // such as a credit card, with the account. Follow the steps at To leave 2538 // an organization when all required account information has not yet been 2539 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 2540 // in the AWS Organizations User Guide. 2541 // 2542 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 2543 // policy from an entity that would cause the entity to have fewer than the 2544 // minimum number of policies of a certain type required. 2545 // 2546 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 2547 // that requires the organization to be configured to support all features. 2548 // An organization that supports only consolidated billing features can't 2549 // perform this operation. 2550 // 2551 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 2552 // too many levels deep. 2553 // 2554 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 2555 // that you can have in an organization. 2556 // 2557 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 2558 // is larger than the maximum size. 2559 // 2560 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 2561 // policies that you can have in an organization. 2562 // 2563 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 2564 // tags that are not compliant with the tag policy requirements for this 2565 // account. 2566 // 2567 // * DuplicatePolicyException 2568 // A policy with the same name already exists. 2569 // 2570 // * InvalidInputException 2571 // The requested operation failed because you provided invalid values for one 2572 // or more of the request parameters. This exception includes a reason that 2573 // contains additional information about the violated limit: 2574 // 2575 // Some of the reasons in the following list might not be applicable to this 2576 // specific API or operation. 2577 // 2578 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 2579 // the same entity. 2580 // 2581 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2582 // can't be modified. 2583 // 2584 // * INPUT_REQUIRED: You must include a value for all required parameters. 2585 // 2586 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 2587 // for the invited account owner. 2588 // 2589 // * INVALID_ENUM: You specified an invalid value. 2590 // 2591 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 2592 // 2593 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 2594 // characters. 2595 // 2596 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 2597 // at least one invalid value. 2598 // 2599 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 2600 // from the response to a previous call of the operation. 2601 // 2602 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 2603 // organization, or email) as a party. 2604 // 2605 // * INVALID_PATTERN: You provided a value that doesn't match the required 2606 // pattern. 2607 // 2608 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 2609 // match the required pattern. 2610 // 2611 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 2612 // name can't begin with the reserved prefix AWSServiceRoleFor. 2613 // 2614 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 2615 // Name (ARN) for the organization. 2616 // 2617 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 2618 // 2619 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 2620 // tag. You can’t add, edit, or delete system tag keys because they're 2621 // reserved for AWS use. System tags don’t count against your tags per 2622 // resource limit. 2623 // 2624 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 2625 // for the operation. 2626 // 2627 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 2628 // than allowed. 2629 // 2630 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 2631 // value than allowed. 2632 // 2633 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 2634 // than allowed. 2635 // 2636 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 2637 // value than allowed. 2638 // 2639 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 2640 // between entities in the same root. 2641 // 2642 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 2643 // target entity. 2644 // 2645 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 2646 // isn't recognized. 2647 // 2648 // * MalformedPolicyDocumentException 2649 // The provided policy document doesn't meet the requirements of the specified 2650 // policy type. For example, the syntax might be incorrect. For details about 2651 // service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) 2652 // in the AWS Organizations User Guide. 2653 // 2654 // * PolicyTypeNotAvailableForOrganizationException 2655 // You can't use the specified policy type with the feature set currently enabled 2656 // for this organization. For example, you can enable SCPs only after you enable 2657 // all features in the organization. For more information, see Managing AWS 2658 // Organizations Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)in 2659 // the AWS Organizations User Guide. 2660 // 2661 // * ServiceException 2662 // AWS Organizations can't complete your request because of an internal service 2663 // error. Try again later. 2664 // 2665 // * TooManyRequestsException 2666 // You have sent too many requests in too short a period of time. The quota 2667 // helps protect against denial-of-service attacks. Try again later. 2668 // 2669 // For information about quotas that affect AWS Organizations, see Quotas for 2670 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 2671 // the AWS Organizations User Guide. 2672 // 2673 // * UnsupportedAPIEndpointException 2674 // This action isn't available in the current AWS Region. 2675 // 2676 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy 2677 func (c *Organizations) CreatePolicy(input *CreatePolicyInput) (*CreatePolicyOutput, error) { 2678 req, out := c.CreatePolicyRequest(input) 2679 return out, req.Send() 2680 } 2681 2682 // CreatePolicyWithContext is the same as CreatePolicy with the addition of 2683 // the ability to pass a context and additional request options. 2684 // 2685 // See CreatePolicy for details on how to use this API operation. 2686 // 2687 // The context must be non-nil and will be used for request cancellation. If 2688 // the context is nil a panic will occur. In the future the SDK may create 2689 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2690 // for more information on using Contexts. 2691 func (c *Organizations) CreatePolicyWithContext(ctx aws.Context, input *CreatePolicyInput, opts ...request.Option) (*CreatePolicyOutput, error) { 2692 req, out := c.CreatePolicyRequest(input) 2693 req.SetContext(ctx) 2694 req.ApplyOptions(opts...) 2695 return out, req.Send() 2696 } 2697 2698 const opDeclineHandshake = "DeclineHandshake" 2699 2700 // DeclineHandshakeRequest generates a "aws/request.Request" representing the 2701 // client's request for the DeclineHandshake operation. The "output" return 2702 // value will be populated with the request's response once the request completes 2703 // successfully. 2704 // 2705 // Use "Send" method on the returned Request to send the API call to the service. 2706 // the "output" return value is not valid until after Send returns without error. 2707 // 2708 // See DeclineHandshake for more information on using the DeclineHandshake 2709 // API call, and error handling. 2710 // 2711 // This method is useful when you want to inject custom logic or configuration 2712 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 2713 // 2714 // 2715 // // Example sending a request using the DeclineHandshakeRequest method. 2716 // req, resp := client.DeclineHandshakeRequest(params) 2717 // 2718 // err := req.Send() 2719 // if err == nil { // resp is now filled 2720 // fmt.Println(resp) 2721 // } 2722 // 2723 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake 2724 func (c *Organizations) DeclineHandshakeRequest(input *DeclineHandshakeInput) (req *request.Request, output *DeclineHandshakeOutput) { 2725 op := &request.Operation{ 2726 Name: opDeclineHandshake, 2727 HTTPMethod: "POST", 2728 HTTPPath: "/", 2729 } 2730 2731 if input == nil { 2732 input = &DeclineHandshakeInput{} 2733 } 2734 2735 output = &DeclineHandshakeOutput{} 2736 req = c.newRequest(op, input, output) 2737 return 2738 } 2739 2740 // DeclineHandshake API operation for AWS Organizations. 2741 // 2742 // Declines a handshake request. This sets the handshake state to DECLINED and 2743 // effectively deactivates the request. 2744 // 2745 // This operation can be called only from the account that received the handshake. 2746 // The originator of the handshake can use CancelHandshake instead. The originator 2747 // can't reactivate a declined request, but can reinitiate the process with 2748 // a new handshake request. 2749 // 2750 // After you decline a handshake, it continues to appear in the results of relevant 2751 // APIs for only 30 days. After that, it's deleted. 2752 // 2753 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2754 // with awserr.Error's Code and Message methods to get detailed information about 2755 // the error. 2756 // 2757 // See the AWS API reference guide for AWS Organizations's 2758 // API operation DeclineHandshake for usage and error information. 2759 // 2760 // Returned Error Types: 2761 // * AccessDeniedException 2762 // You don't have permissions to perform the requested operation. The user or 2763 // role that is making the request must have at least one IAM permissions policy 2764 // attached that grants the required permissions. For more information, see 2765 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 2766 // in the IAM User Guide. 2767 // 2768 // * ConcurrentModificationException 2769 // The target of the operation is currently being modified by a different request. 2770 // Try again later. 2771 // 2772 // * HandshakeNotFoundException 2773 // We can't find a handshake with the HandshakeId that you specified. 2774 // 2775 // * InvalidHandshakeTransitionException 2776 // You can't perform the operation on the handshake in its current state. For 2777 // example, you can't cancel a handshake that was already accepted or accept 2778 // a handshake that was already declined. 2779 // 2780 // * HandshakeAlreadyInStateException 2781 // The specified handshake is already in the requested state. For example, you 2782 // can't accept a handshake that was already accepted. 2783 // 2784 // * InvalidInputException 2785 // The requested operation failed because you provided invalid values for one 2786 // or more of the request parameters. This exception includes a reason that 2787 // contains additional information about the violated limit: 2788 // 2789 // Some of the reasons in the following list might not be applicable to this 2790 // specific API or operation. 2791 // 2792 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 2793 // the same entity. 2794 // 2795 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2796 // can't be modified. 2797 // 2798 // * INPUT_REQUIRED: You must include a value for all required parameters. 2799 // 2800 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 2801 // for the invited account owner. 2802 // 2803 // * INVALID_ENUM: You specified an invalid value. 2804 // 2805 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 2806 // 2807 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 2808 // characters. 2809 // 2810 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 2811 // at least one invalid value. 2812 // 2813 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 2814 // from the response to a previous call of the operation. 2815 // 2816 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 2817 // organization, or email) as a party. 2818 // 2819 // * INVALID_PATTERN: You provided a value that doesn't match the required 2820 // pattern. 2821 // 2822 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 2823 // match the required pattern. 2824 // 2825 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 2826 // name can't begin with the reserved prefix AWSServiceRoleFor. 2827 // 2828 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 2829 // Name (ARN) for the organization. 2830 // 2831 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 2832 // 2833 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 2834 // tag. You can’t add, edit, or delete system tag keys because they're 2835 // reserved for AWS use. System tags don’t count against your tags per 2836 // resource limit. 2837 // 2838 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 2839 // for the operation. 2840 // 2841 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 2842 // than allowed. 2843 // 2844 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 2845 // value than allowed. 2846 // 2847 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 2848 // than allowed. 2849 // 2850 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 2851 // value than allowed. 2852 // 2853 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 2854 // between entities in the same root. 2855 // 2856 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 2857 // target entity. 2858 // 2859 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 2860 // isn't recognized. 2861 // 2862 // * ServiceException 2863 // AWS Organizations can't complete your request because of an internal service 2864 // error. Try again later. 2865 // 2866 // * TooManyRequestsException 2867 // You have sent too many requests in too short a period of time. The quota 2868 // helps protect against denial-of-service attacks. Try again later. 2869 // 2870 // For information about quotas that affect AWS Organizations, see Quotas for 2871 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 2872 // the AWS Organizations User Guide. 2873 // 2874 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake 2875 func (c *Organizations) DeclineHandshake(input *DeclineHandshakeInput) (*DeclineHandshakeOutput, error) { 2876 req, out := c.DeclineHandshakeRequest(input) 2877 return out, req.Send() 2878 } 2879 2880 // DeclineHandshakeWithContext is the same as DeclineHandshake with the addition of 2881 // the ability to pass a context and additional request options. 2882 // 2883 // See DeclineHandshake for details on how to use this API operation. 2884 // 2885 // The context must be non-nil and will be used for request cancellation. If 2886 // the context is nil a panic will occur. In the future the SDK may create 2887 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2888 // for more information on using Contexts. 2889 func (c *Organizations) DeclineHandshakeWithContext(ctx aws.Context, input *DeclineHandshakeInput, opts ...request.Option) (*DeclineHandshakeOutput, error) { 2890 req, out := c.DeclineHandshakeRequest(input) 2891 req.SetContext(ctx) 2892 req.ApplyOptions(opts...) 2893 return out, req.Send() 2894 } 2895 2896 const opDeleteOrganization = "DeleteOrganization" 2897 2898 // DeleteOrganizationRequest generates a "aws/request.Request" representing the 2899 // client's request for the DeleteOrganization operation. The "output" return 2900 // value will be populated with the request's response once the request completes 2901 // successfully. 2902 // 2903 // Use "Send" method on the returned Request to send the API call to the service. 2904 // the "output" return value is not valid until after Send returns without error. 2905 // 2906 // See DeleteOrganization for more information on using the DeleteOrganization 2907 // API call, and error handling. 2908 // 2909 // This method is useful when you want to inject custom logic or configuration 2910 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 2911 // 2912 // 2913 // // Example sending a request using the DeleteOrganizationRequest method. 2914 // req, resp := client.DeleteOrganizationRequest(params) 2915 // 2916 // err := req.Send() 2917 // if err == nil { // resp is now filled 2918 // fmt.Println(resp) 2919 // } 2920 // 2921 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization 2922 func (c *Organizations) DeleteOrganizationRequest(input *DeleteOrganizationInput) (req *request.Request, output *DeleteOrganizationOutput) { 2923 op := &request.Operation{ 2924 Name: opDeleteOrganization, 2925 HTTPMethod: "POST", 2926 HTTPPath: "/", 2927 } 2928 2929 if input == nil { 2930 input = &DeleteOrganizationInput{} 2931 } 2932 2933 output = &DeleteOrganizationOutput{} 2934 req = c.newRequest(op, input, output) 2935 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2936 return 2937 } 2938 2939 // DeleteOrganization API operation for AWS Organizations. 2940 // 2941 // Deletes the organization. You can delete an organization only by using credentials 2942 // from the management account. The organization must be empty of member accounts. 2943 // 2944 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2945 // with awserr.Error's Code and Message methods to get detailed information about 2946 // the error. 2947 // 2948 // See the AWS API reference guide for AWS Organizations's 2949 // API operation DeleteOrganization for usage and error information. 2950 // 2951 // Returned Error Types: 2952 // * AccessDeniedException 2953 // You don't have permissions to perform the requested operation. The user or 2954 // role that is making the request must have at least one IAM permissions policy 2955 // attached that grants the required permissions. For more information, see 2956 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 2957 // in the IAM User Guide. 2958 // 2959 // * AWSOrganizationsNotInUseException 2960 // Your account isn't a member of an organization. To make this request, you 2961 // must use the credentials of an account that belongs to an organization. 2962 // 2963 // * ConcurrentModificationException 2964 // The target of the operation is currently being modified by a different request. 2965 // Try again later. 2966 // 2967 // * InvalidInputException 2968 // The requested operation failed because you provided invalid values for one 2969 // or more of the request parameters. This exception includes a reason that 2970 // contains additional information about the violated limit: 2971 // 2972 // Some of the reasons in the following list might not be applicable to this 2973 // specific API or operation. 2974 // 2975 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 2976 // the same entity. 2977 // 2978 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 2979 // can't be modified. 2980 // 2981 // * INPUT_REQUIRED: You must include a value for all required parameters. 2982 // 2983 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 2984 // for the invited account owner. 2985 // 2986 // * INVALID_ENUM: You specified an invalid value. 2987 // 2988 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 2989 // 2990 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 2991 // characters. 2992 // 2993 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 2994 // at least one invalid value. 2995 // 2996 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 2997 // from the response to a previous call of the operation. 2998 // 2999 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3000 // organization, or email) as a party. 3001 // 3002 // * INVALID_PATTERN: You provided a value that doesn't match the required 3003 // pattern. 3004 // 3005 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3006 // match the required pattern. 3007 // 3008 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3009 // name can't begin with the reserved prefix AWSServiceRoleFor. 3010 // 3011 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3012 // Name (ARN) for the organization. 3013 // 3014 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3015 // 3016 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3017 // tag. You can’t add, edit, or delete system tag keys because they're 3018 // reserved for AWS use. System tags don’t count against your tags per 3019 // resource limit. 3020 // 3021 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3022 // for the operation. 3023 // 3024 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3025 // than allowed. 3026 // 3027 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3028 // value than allowed. 3029 // 3030 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3031 // than allowed. 3032 // 3033 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3034 // value than allowed. 3035 // 3036 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3037 // between entities in the same root. 3038 // 3039 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 3040 // target entity. 3041 // 3042 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 3043 // isn't recognized. 3044 // 3045 // * OrganizationNotEmptyException 3046 // The organization isn't empty. To delete an organization, you must first remove 3047 // all accounts except the management account, delete all OUs, and delete all 3048 // policies. 3049 // 3050 // * ServiceException 3051 // AWS Organizations can't complete your request because of an internal service 3052 // error. Try again later. 3053 // 3054 // * TooManyRequestsException 3055 // You have sent too many requests in too short a period of time. The quota 3056 // helps protect against denial-of-service attacks. Try again later. 3057 // 3058 // For information about quotas that affect AWS Organizations, see Quotas for 3059 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 3060 // the AWS Organizations User Guide. 3061 // 3062 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization 3063 func (c *Organizations) DeleteOrganization(input *DeleteOrganizationInput) (*DeleteOrganizationOutput, error) { 3064 req, out := c.DeleteOrganizationRequest(input) 3065 return out, req.Send() 3066 } 3067 3068 // DeleteOrganizationWithContext is the same as DeleteOrganization with the addition of 3069 // the ability to pass a context and additional request options. 3070 // 3071 // See DeleteOrganization for details on how to use this API operation. 3072 // 3073 // The context must be non-nil and will be used for request cancellation. If 3074 // the context is nil a panic will occur. In the future the SDK may create 3075 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3076 // for more information on using Contexts. 3077 func (c *Organizations) DeleteOrganizationWithContext(ctx aws.Context, input *DeleteOrganizationInput, opts ...request.Option) (*DeleteOrganizationOutput, error) { 3078 req, out := c.DeleteOrganizationRequest(input) 3079 req.SetContext(ctx) 3080 req.ApplyOptions(opts...) 3081 return out, req.Send() 3082 } 3083 3084 const opDeleteOrganizationalUnit = "DeleteOrganizationalUnit" 3085 3086 // DeleteOrganizationalUnitRequest generates a "aws/request.Request" representing the 3087 // client's request for the DeleteOrganizationalUnit operation. The "output" return 3088 // value will be populated with the request's response once the request completes 3089 // successfully. 3090 // 3091 // Use "Send" method on the returned Request to send the API call to the service. 3092 // the "output" return value is not valid until after Send returns without error. 3093 // 3094 // See DeleteOrganizationalUnit for more information on using the DeleteOrganizationalUnit 3095 // API call, and error handling. 3096 // 3097 // This method is useful when you want to inject custom logic or configuration 3098 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 3099 // 3100 // 3101 // // Example sending a request using the DeleteOrganizationalUnitRequest method. 3102 // req, resp := client.DeleteOrganizationalUnitRequest(params) 3103 // 3104 // err := req.Send() 3105 // if err == nil { // resp is now filled 3106 // fmt.Println(resp) 3107 // } 3108 // 3109 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit 3110 func (c *Organizations) DeleteOrganizationalUnitRequest(input *DeleteOrganizationalUnitInput) (req *request.Request, output *DeleteOrganizationalUnitOutput) { 3111 op := &request.Operation{ 3112 Name: opDeleteOrganizationalUnit, 3113 HTTPMethod: "POST", 3114 HTTPPath: "/", 3115 } 3116 3117 if input == nil { 3118 input = &DeleteOrganizationalUnitInput{} 3119 } 3120 3121 output = &DeleteOrganizationalUnitOutput{} 3122 req = c.newRequest(op, input, output) 3123 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 3124 return 3125 } 3126 3127 // DeleteOrganizationalUnit API operation for AWS Organizations. 3128 // 3129 // Deletes an organizational unit (OU) from a root or another OU. You must first 3130 // remove all accounts and child OUs from the OU that you want to delete. 3131 // 3132 // This operation can be called only from the organization's management account. 3133 // 3134 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3135 // with awserr.Error's Code and Message methods to get detailed information about 3136 // the error. 3137 // 3138 // See the AWS API reference guide for AWS Organizations's 3139 // API operation DeleteOrganizationalUnit for usage and error information. 3140 // 3141 // Returned Error Types: 3142 // * AccessDeniedException 3143 // You don't have permissions to perform the requested operation. The user or 3144 // role that is making the request must have at least one IAM permissions policy 3145 // attached that grants the required permissions. For more information, see 3146 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3147 // in the IAM User Guide. 3148 // 3149 // * AWSOrganizationsNotInUseException 3150 // Your account isn't a member of an organization. To make this request, you 3151 // must use the credentials of an account that belongs to an organization. 3152 // 3153 // * ConcurrentModificationException 3154 // The target of the operation is currently being modified by a different request. 3155 // Try again later. 3156 // 3157 // * InvalidInputException 3158 // The requested operation failed because you provided invalid values for one 3159 // or more of the request parameters. This exception includes a reason that 3160 // contains additional information about the violated limit: 3161 // 3162 // Some of the reasons in the following list might not be applicable to this 3163 // specific API or operation. 3164 // 3165 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 3166 // the same entity. 3167 // 3168 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 3169 // can't be modified. 3170 // 3171 // * INPUT_REQUIRED: You must include a value for all required parameters. 3172 // 3173 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 3174 // for the invited account owner. 3175 // 3176 // * INVALID_ENUM: You specified an invalid value. 3177 // 3178 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 3179 // 3180 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 3181 // characters. 3182 // 3183 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 3184 // at least one invalid value. 3185 // 3186 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 3187 // from the response to a previous call of the operation. 3188 // 3189 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3190 // organization, or email) as a party. 3191 // 3192 // * INVALID_PATTERN: You provided a value that doesn't match the required 3193 // pattern. 3194 // 3195 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3196 // match the required pattern. 3197 // 3198 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3199 // name can't begin with the reserved prefix AWSServiceRoleFor. 3200 // 3201 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3202 // Name (ARN) for the organization. 3203 // 3204 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3205 // 3206 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3207 // tag. You can’t add, edit, or delete system tag keys because they're 3208 // reserved for AWS use. System tags don’t count against your tags per 3209 // resource limit. 3210 // 3211 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3212 // for the operation. 3213 // 3214 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3215 // than allowed. 3216 // 3217 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3218 // value than allowed. 3219 // 3220 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3221 // than allowed. 3222 // 3223 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3224 // value than allowed. 3225 // 3226 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3227 // between entities in the same root. 3228 // 3229 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 3230 // target entity. 3231 // 3232 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 3233 // isn't recognized. 3234 // 3235 // * OrganizationalUnitNotEmptyException 3236 // The specified OU is not empty. Move all accounts to another root or to other 3237 // OUs, remove all child OUs, and try the operation again. 3238 // 3239 // * OrganizationalUnitNotFoundException 3240 // We can't find an OU with the OrganizationalUnitId that you specified. 3241 // 3242 // * ServiceException 3243 // AWS Organizations can't complete your request because of an internal service 3244 // error. Try again later. 3245 // 3246 // * TooManyRequestsException 3247 // You have sent too many requests in too short a period of time. The quota 3248 // helps protect against denial-of-service attacks. Try again later. 3249 // 3250 // For information about quotas that affect AWS Organizations, see Quotas for 3251 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 3252 // the AWS Organizations User Guide. 3253 // 3254 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit 3255 func (c *Organizations) DeleteOrganizationalUnit(input *DeleteOrganizationalUnitInput) (*DeleteOrganizationalUnitOutput, error) { 3256 req, out := c.DeleteOrganizationalUnitRequest(input) 3257 return out, req.Send() 3258 } 3259 3260 // DeleteOrganizationalUnitWithContext is the same as DeleteOrganizationalUnit with the addition of 3261 // the ability to pass a context and additional request options. 3262 // 3263 // See DeleteOrganizationalUnit for details on how to use this API operation. 3264 // 3265 // The context must be non-nil and will be used for request cancellation. If 3266 // the context is nil a panic will occur. In the future the SDK may create 3267 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3268 // for more information on using Contexts. 3269 func (c *Organizations) DeleteOrganizationalUnitWithContext(ctx aws.Context, input *DeleteOrganizationalUnitInput, opts ...request.Option) (*DeleteOrganizationalUnitOutput, error) { 3270 req, out := c.DeleteOrganizationalUnitRequest(input) 3271 req.SetContext(ctx) 3272 req.ApplyOptions(opts...) 3273 return out, req.Send() 3274 } 3275 3276 const opDeletePolicy = "DeletePolicy" 3277 3278 // DeletePolicyRequest generates a "aws/request.Request" representing the 3279 // client's request for the DeletePolicy operation. The "output" return 3280 // value will be populated with the request's response once the request completes 3281 // successfully. 3282 // 3283 // Use "Send" method on the returned Request to send the API call to the service. 3284 // the "output" return value is not valid until after Send returns without error. 3285 // 3286 // See DeletePolicy for more information on using the DeletePolicy 3287 // API call, and error handling. 3288 // 3289 // This method is useful when you want to inject custom logic or configuration 3290 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 3291 // 3292 // 3293 // // Example sending a request using the DeletePolicyRequest method. 3294 // req, resp := client.DeletePolicyRequest(params) 3295 // 3296 // err := req.Send() 3297 // if err == nil { // resp is now filled 3298 // fmt.Println(resp) 3299 // } 3300 // 3301 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy 3302 func (c *Organizations) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Request, output *DeletePolicyOutput) { 3303 op := &request.Operation{ 3304 Name: opDeletePolicy, 3305 HTTPMethod: "POST", 3306 HTTPPath: "/", 3307 } 3308 3309 if input == nil { 3310 input = &DeletePolicyInput{} 3311 } 3312 3313 output = &DeletePolicyOutput{} 3314 req = c.newRequest(op, input, output) 3315 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 3316 return 3317 } 3318 3319 // DeletePolicy API operation for AWS Organizations. 3320 // 3321 // Deletes the specified policy from your organization. Before you perform this 3322 // operation, you must first detach the policy from all organizational units 3323 // (OUs), roots, and accounts. 3324 // 3325 // This operation can be called only from the organization's management account. 3326 // 3327 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3328 // with awserr.Error's Code and Message methods to get detailed information about 3329 // the error. 3330 // 3331 // See the AWS API reference guide for AWS Organizations's 3332 // API operation DeletePolicy for usage and error information. 3333 // 3334 // Returned Error Types: 3335 // * AccessDeniedException 3336 // You don't have permissions to perform the requested operation. The user or 3337 // role that is making the request must have at least one IAM permissions policy 3338 // attached that grants the required permissions. For more information, see 3339 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3340 // in the IAM User Guide. 3341 // 3342 // * AWSOrganizationsNotInUseException 3343 // Your account isn't a member of an organization. To make this request, you 3344 // must use the credentials of an account that belongs to an organization. 3345 // 3346 // * ConcurrentModificationException 3347 // The target of the operation is currently being modified by a different request. 3348 // Try again later. 3349 // 3350 // * InvalidInputException 3351 // The requested operation failed because you provided invalid values for one 3352 // or more of the request parameters. This exception includes a reason that 3353 // contains additional information about the violated limit: 3354 // 3355 // Some of the reasons in the following list might not be applicable to this 3356 // specific API or operation. 3357 // 3358 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 3359 // the same entity. 3360 // 3361 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 3362 // can't be modified. 3363 // 3364 // * INPUT_REQUIRED: You must include a value for all required parameters. 3365 // 3366 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 3367 // for the invited account owner. 3368 // 3369 // * INVALID_ENUM: You specified an invalid value. 3370 // 3371 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 3372 // 3373 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 3374 // characters. 3375 // 3376 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 3377 // at least one invalid value. 3378 // 3379 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 3380 // from the response to a previous call of the operation. 3381 // 3382 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3383 // organization, or email) as a party. 3384 // 3385 // * INVALID_PATTERN: You provided a value that doesn't match the required 3386 // pattern. 3387 // 3388 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3389 // match the required pattern. 3390 // 3391 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3392 // name can't begin with the reserved prefix AWSServiceRoleFor. 3393 // 3394 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3395 // Name (ARN) for the organization. 3396 // 3397 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3398 // 3399 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3400 // tag. You can’t add, edit, or delete system tag keys because they're 3401 // reserved for AWS use. System tags don’t count against your tags per 3402 // resource limit. 3403 // 3404 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3405 // for the operation. 3406 // 3407 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3408 // than allowed. 3409 // 3410 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3411 // value than allowed. 3412 // 3413 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3414 // than allowed. 3415 // 3416 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3417 // value than allowed. 3418 // 3419 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3420 // between entities in the same root. 3421 // 3422 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 3423 // target entity. 3424 // 3425 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 3426 // isn't recognized. 3427 // 3428 // * PolicyInUseException 3429 // The policy is attached to one or more entities. You must detach it from all 3430 // roots, OUs, and accounts before performing this operation. 3431 // 3432 // * PolicyNotFoundException 3433 // We can't find a policy with the PolicyId that you specified. 3434 // 3435 // * ServiceException 3436 // AWS Organizations can't complete your request because of an internal service 3437 // error. Try again later. 3438 // 3439 // * TooManyRequestsException 3440 // You have sent too many requests in too short a period of time. The quota 3441 // helps protect against denial-of-service attacks. Try again later. 3442 // 3443 // For information about quotas that affect AWS Organizations, see Quotas for 3444 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 3445 // the AWS Organizations User Guide. 3446 // 3447 // * UnsupportedAPIEndpointException 3448 // This action isn't available in the current AWS Region. 3449 // 3450 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy 3451 func (c *Organizations) DeletePolicy(input *DeletePolicyInput) (*DeletePolicyOutput, error) { 3452 req, out := c.DeletePolicyRequest(input) 3453 return out, req.Send() 3454 } 3455 3456 // DeletePolicyWithContext is the same as DeletePolicy with the addition of 3457 // the ability to pass a context and additional request options. 3458 // 3459 // See DeletePolicy for details on how to use this API operation. 3460 // 3461 // The context must be non-nil and will be used for request cancellation. If 3462 // the context is nil a panic will occur. In the future the SDK may create 3463 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3464 // for more information on using Contexts. 3465 func (c *Organizations) DeletePolicyWithContext(ctx aws.Context, input *DeletePolicyInput, opts ...request.Option) (*DeletePolicyOutput, error) { 3466 req, out := c.DeletePolicyRequest(input) 3467 req.SetContext(ctx) 3468 req.ApplyOptions(opts...) 3469 return out, req.Send() 3470 } 3471 3472 const opDeregisterDelegatedAdministrator = "DeregisterDelegatedAdministrator" 3473 3474 // DeregisterDelegatedAdministratorRequest generates a "aws/request.Request" representing the 3475 // client's request for the DeregisterDelegatedAdministrator operation. The "output" return 3476 // value will be populated with the request's response once the request completes 3477 // successfully. 3478 // 3479 // Use "Send" method on the returned Request to send the API call to the service. 3480 // the "output" return value is not valid until after Send returns without error. 3481 // 3482 // See DeregisterDelegatedAdministrator for more information on using the DeregisterDelegatedAdministrator 3483 // API call, and error handling. 3484 // 3485 // This method is useful when you want to inject custom logic or configuration 3486 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 3487 // 3488 // 3489 // // Example sending a request using the DeregisterDelegatedAdministratorRequest method. 3490 // req, resp := client.DeregisterDelegatedAdministratorRequest(params) 3491 // 3492 // err := req.Send() 3493 // if err == nil { // resp is now filled 3494 // fmt.Println(resp) 3495 // } 3496 // 3497 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeregisterDelegatedAdministrator 3498 func (c *Organizations) DeregisterDelegatedAdministratorRequest(input *DeregisterDelegatedAdministratorInput) (req *request.Request, output *DeregisterDelegatedAdministratorOutput) { 3499 op := &request.Operation{ 3500 Name: opDeregisterDelegatedAdministrator, 3501 HTTPMethod: "POST", 3502 HTTPPath: "/", 3503 } 3504 3505 if input == nil { 3506 input = &DeregisterDelegatedAdministratorInput{} 3507 } 3508 3509 output = &DeregisterDelegatedAdministratorOutput{} 3510 req = c.newRequest(op, input, output) 3511 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 3512 return 3513 } 3514 3515 // DeregisterDelegatedAdministrator API operation for AWS Organizations. 3516 // 3517 // Removes the specified member AWS account as a delegated administrator for 3518 // the specified AWS service. 3519 // 3520 // Deregistering a delegated administrator can have unintended impacts on the 3521 // functionality of the enabled AWS service. See the documentation for the enabled 3522 // service before you deregister a delegated administrator so that you understand 3523 // any potential impacts. 3524 // 3525 // You can run this action only for AWS services that support this feature. 3526 // For a current list of services that support it, see the column Supports Delegated 3527 // Administrator in the table at AWS Services that you can use with AWS Organizations 3528 // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html) 3529 // in the AWS Organizations User Guide. 3530 // 3531 // This operation can be called only from the organization's management account. 3532 // 3533 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3534 // with awserr.Error's Code and Message methods to get detailed information about 3535 // the error. 3536 // 3537 // See the AWS API reference guide for AWS Organizations's 3538 // API operation DeregisterDelegatedAdministrator for usage and error information. 3539 // 3540 // Returned Error Types: 3541 // * AccessDeniedException 3542 // You don't have permissions to perform the requested operation. The user or 3543 // role that is making the request must have at least one IAM permissions policy 3544 // attached that grants the required permissions. For more information, see 3545 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3546 // in the IAM User Guide. 3547 // 3548 // * AccountNotFoundException 3549 // We can't find an AWS account with the AccountId that you specified, or the 3550 // account whose credentials you used to make this request isn't a member of 3551 // an organization. 3552 // 3553 // * AccountNotRegisteredException 3554 // The specified account is not a delegated administrator for this AWS service. 3555 // 3556 // * AWSOrganizationsNotInUseException 3557 // Your account isn't a member of an organization. To make this request, you 3558 // must use the credentials of an account that belongs to an organization. 3559 // 3560 // * ConcurrentModificationException 3561 // The target of the operation is currently being modified by a different request. 3562 // Try again later. 3563 // 3564 // * ConstraintViolationException 3565 // Performing this operation violates a minimum or maximum value limit. For 3566 // example, attempting to remove the last service control policy (SCP) from 3567 // an OU or root, inviting or creating too many accounts to the organization, 3568 // or attaching too many policies to an account, OU, or root. This exception 3569 // includes a reason that contains additional information about the violated 3570 // limit: 3571 // 3572 // Some of the reasons in the following list might not be applicable to this 3573 // specific API or operation. 3574 // 3575 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 3576 // account from the organization. You can't remove the management account. 3577 // Instead, after you remove all member accounts, delete the organization 3578 // itself. 3579 // 3580 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 3581 // from the organization that doesn't yet have enough information to exist 3582 // as a standalone account. This account requires you to first agree to the 3583 // AWS Customer Agreement. Follow the steps at Removing a member account 3584 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 3585 // the AWS Organizations User Guide. 3586 // 3587 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 3588 // an account from the organization that doesn't yet have enough information 3589 // to exist as a standalone account. This account requires you to first complete 3590 // phone verification. Follow the steps at Removing a member account from 3591 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 3592 // in the AWS Organizations User Guide. 3593 // 3594 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 3595 // of accounts that you can create in one day. 3596 // 3597 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 3598 // the number of accounts in an organization. If you need more accounts, 3599 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 3600 // request an increase in your limit. Or the number of invitations that you 3601 // tried to send would cause you to exceed the limit of accounts in your 3602 // organization. Send fewer invitations or contact AWS Support to request 3603 // an increase in the number of accounts. Deleted and closed accounts still 3604 // count toward your limit. If you get this exception when running a command 3605 // immediately after creating the organization, wait one hour and try again. 3606 // After an hour, if the command continues to fail with this error, contact 3607 // AWS Support (https://console.aws.amazon.com/support/home#/). 3608 // 3609 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 3610 // register the management account of the organization as a delegated administrator 3611 // for an AWS service integrated with Organizations. You can designate only 3612 // a member account as a delegated administrator. 3613 // 3614 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 3615 // an account that is registered as a delegated administrator for a service 3616 // integrated with your organization. To complete this operation, you must 3617 // first deregister this account as a delegated administrator. 3618 // 3619 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 3620 // organization in the specified region, you must enable all features mode. 3621 // 3622 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 3623 // an AWS account as a delegated administrator for an AWS service that already 3624 // has a delegated administrator. To complete this operation, you must first 3625 // deregister any existing delegated administrators for this service. 3626 // 3627 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 3628 // valid for a limited period of time. You must resubmit the request and 3629 // generate a new verfication code. 3630 // 3631 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 3632 // handshakes that you can send in one day. 3633 // 3634 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 3635 // in this organization, you first must migrate the organization's management 3636 // account to the marketplace that corresponds to the management account's 3637 // address. For example, accounts with India addresses must be associated 3638 // with the AISPL marketplace. All accounts in an organization must be associated 3639 // with the same marketplace. 3640 // 3641 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 3642 // in China. To create an organization, the master must have a valid business 3643 // license. For more information, contact customer support. 3644 // 3645 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 3646 // must first provide a valid contact address and phone number for the management 3647 // account. Then try the operation again. 3648 // 3649 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 3650 // management account must have an associated account in the AWS GovCloud 3651 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 3652 // in the AWS GovCloud User Guide. 3653 // 3654 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 3655 // with this management account, you first must associate a valid payment 3656 // instrument, such as a credit card, with the account. Follow the steps 3657 // at To leave an organization when all required account information has 3658 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 3659 // in the AWS Organizations User Guide. 3660 // 3661 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 3662 // to register more delegated administrators than allowed for the service 3663 // principal. 3664 // 3665 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 3666 // number of policies of a certain type that can be attached to an entity 3667 // at one time. 3668 // 3669 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 3670 // on this resource. 3671 // 3672 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 3673 // with this member account, you first must associate a valid payment instrument, 3674 // such as a credit card, with the account. Follow the steps at To leave 3675 // an organization when all required account information has not yet been 3676 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 3677 // in the AWS Organizations User Guide. 3678 // 3679 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 3680 // policy from an entity that would cause the entity to have fewer than the 3681 // minimum number of policies of a certain type required. 3682 // 3683 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 3684 // that requires the organization to be configured to support all features. 3685 // An organization that supports only consolidated billing features can't 3686 // perform this operation. 3687 // 3688 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 3689 // too many levels deep. 3690 // 3691 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 3692 // that you can have in an organization. 3693 // 3694 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 3695 // is larger than the maximum size. 3696 // 3697 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 3698 // policies that you can have in an organization. 3699 // 3700 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 3701 // tags that are not compliant with the tag policy requirements for this 3702 // account. 3703 // 3704 // * InvalidInputException 3705 // The requested operation failed because you provided invalid values for one 3706 // or more of the request parameters. This exception includes a reason that 3707 // contains additional information about the violated limit: 3708 // 3709 // Some of the reasons in the following list might not be applicable to this 3710 // specific API or operation. 3711 // 3712 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 3713 // the same entity. 3714 // 3715 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 3716 // can't be modified. 3717 // 3718 // * INPUT_REQUIRED: You must include a value for all required parameters. 3719 // 3720 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 3721 // for the invited account owner. 3722 // 3723 // * INVALID_ENUM: You specified an invalid value. 3724 // 3725 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 3726 // 3727 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 3728 // characters. 3729 // 3730 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 3731 // at least one invalid value. 3732 // 3733 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 3734 // from the response to a previous call of the operation. 3735 // 3736 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3737 // organization, or email) as a party. 3738 // 3739 // * INVALID_PATTERN: You provided a value that doesn't match the required 3740 // pattern. 3741 // 3742 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3743 // match the required pattern. 3744 // 3745 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3746 // name can't begin with the reserved prefix AWSServiceRoleFor. 3747 // 3748 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3749 // Name (ARN) for the organization. 3750 // 3751 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3752 // 3753 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3754 // tag. You can’t add, edit, or delete system tag keys because they're 3755 // reserved for AWS use. System tags don’t count against your tags per 3756 // resource limit. 3757 // 3758 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3759 // for the operation. 3760 // 3761 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3762 // than allowed. 3763 // 3764 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3765 // value than allowed. 3766 // 3767 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3768 // than allowed. 3769 // 3770 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3771 // value than allowed. 3772 // 3773 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3774 // between entities in the same root. 3775 // 3776 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 3777 // target entity. 3778 // 3779 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 3780 // isn't recognized. 3781 // 3782 // * TooManyRequestsException 3783 // You have sent too many requests in too short a period of time. The quota 3784 // helps protect against denial-of-service attacks. Try again later. 3785 // 3786 // For information about quotas that affect AWS Organizations, see Quotas for 3787 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 3788 // the AWS Organizations User Guide. 3789 // 3790 // * ServiceException 3791 // AWS Organizations can't complete your request because of an internal service 3792 // error. Try again later. 3793 // 3794 // * UnsupportedAPIEndpointException 3795 // This action isn't available in the current AWS Region. 3796 // 3797 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeregisterDelegatedAdministrator 3798 func (c *Organizations) DeregisterDelegatedAdministrator(input *DeregisterDelegatedAdministratorInput) (*DeregisterDelegatedAdministratorOutput, error) { 3799 req, out := c.DeregisterDelegatedAdministratorRequest(input) 3800 return out, req.Send() 3801 } 3802 3803 // DeregisterDelegatedAdministratorWithContext is the same as DeregisterDelegatedAdministrator with the addition of 3804 // the ability to pass a context and additional request options. 3805 // 3806 // See DeregisterDelegatedAdministrator for details on how to use this API operation. 3807 // 3808 // The context must be non-nil and will be used for request cancellation. If 3809 // the context is nil a panic will occur. In the future the SDK may create 3810 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3811 // for more information on using Contexts. 3812 func (c *Organizations) DeregisterDelegatedAdministratorWithContext(ctx aws.Context, input *DeregisterDelegatedAdministratorInput, opts ...request.Option) (*DeregisterDelegatedAdministratorOutput, error) { 3813 req, out := c.DeregisterDelegatedAdministratorRequest(input) 3814 req.SetContext(ctx) 3815 req.ApplyOptions(opts...) 3816 return out, req.Send() 3817 } 3818 3819 const opDescribeAccount = "DescribeAccount" 3820 3821 // DescribeAccountRequest generates a "aws/request.Request" representing the 3822 // client's request for the DescribeAccount operation. The "output" return 3823 // value will be populated with the request's response once the request completes 3824 // successfully. 3825 // 3826 // Use "Send" method on the returned Request to send the API call to the service. 3827 // the "output" return value is not valid until after Send returns without error. 3828 // 3829 // See DescribeAccount for more information on using the DescribeAccount 3830 // API call, and error handling. 3831 // 3832 // This method is useful when you want to inject custom logic or configuration 3833 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 3834 // 3835 // 3836 // // Example sending a request using the DescribeAccountRequest method. 3837 // req, resp := client.DescribeAccountRequest(params) 3838 // 3839 // err := req.Send() 3840 // if err == nil { // resp is now filled 3841 // fmt.Println(resp) 3842 // } 3843 // 3844 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount 3845 func (c *Organizations) DescribeAccountRequest(input *DescribeAccountInput) (req *request.Request, output *DescribeAccountOutput) { 3846 op := &request.Operation{ 3847 Name: opDescribeAccount, 3848 HTTPMethod: "POST", 3849 HTTPPath: "/", 3850 } 3851 3852 if input == nil { 3853 input = &DescribeAccountInput{} 3854 } 3855 3856 output = &DescribeAccountOutput{} 3857 req = c.newRequest(op, input, output) 3858 return 3859 } 3860 3861 // DescribeAccount API operation for AWS Organizations. 3862 // 3863 // Retrieves AWS Organizations-related information about the specified account. 3864 // 3865 // This operation can be called only from the organization's management account 3866 // or by a member account that is a delegated administrator for an AWS service. 3867 // 3868 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3869 // with awserr.Error's Code and Message methods to get detailed information about 3870 // the error. 3871 // 3872 // See the AWS API reference guide for AWS Organizations's 3873 // API operation DescribeAccount for usage and error information. 3874 // 3875 // Returned Error Types: 3876 // * AccessDeniedException 3877 // You don't have permissions to perform the requested operation. The user or 3878 // role that is making the request must have at least one IAM permissions policy 3879 // attached that grants the required permissions. For more information, see 3880 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 3881 // in the IAM User Guide. 3882 // 3883 // * AccountNotFoundException 3884 // We can't find an AWS account with the AccountId that you specified, or the 3885 // account whose credentials you used to make this request isn't a member of 3886 // an organization. 3887 // 3888 // * AWSOrganizationsNotInUseException 3889 // Your account isn't a member of an organization. To make this request, you 3890 // must use the credentials of an account that belongs to an organization. 3891 // 3892 // * InvalidInputException 3893 // The requested operation failed because you provided invalid values for one 3894 // or more of the request parameters. This exception includes a reason that 3895 // contains additional information about the violated limit: 3896 // 3897 // Some of the reasons in the following list might not be applicable to this 3898 // specific API or operation. 3899 // 3900 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 3901 // the same entity. 3902 // 3903 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 3904 // can't be modified. 3905 // 3906 // * INPUT_REQUIRED: You must include a value for all required parameters. 3907 // 3908 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 3909 // for the invited account owner. 3910 // 3911 // * INVALID_ENUM: You specified an invalid value. 3912 // 3913 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 3914 // 3915 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 3916 // characters. 3917 // 3918 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 3919 // at least one invalid value. 3920 // 3921 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 3922 // from the response to a previous call of the operation. 3923 // 3924 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 3925 // organization, or email) as a party. 3926 // 3927 // * INVALID_PATTERN: You provided a value that doesn't match the required 3928 // pattern. 3929 // 3930 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 3931 // match the required pattern. 3932 // 3933 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 3934 // name can't begin with the reserved prefix AWSServiceRoleFor. 3935 // 3936 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 3937 // Name (ARN) for the organization. 3938 // 3939 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 3940 // 3941 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 3942 // tag. You can’t add, edit, or delete system tag keys because they're 3943 // reserved for AWS use. System tags don’t count against your tags per 3944 // resource limit. 3945 // 3946 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 3947 // for the operation. 3948 // 3949 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 3950 // than allowed. 3951 // 3952 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 3953 // value than allowed. 3954 // 3955 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 3956 // than allowed. 3957 // 3958 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 3959 // value than allowed. 3960 // 3961 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 3962 // between entities in the same root. 3963 // 3964 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 3965 // target entity. 3966 // 3967 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 3968 // isn't recognized. 3969 // 3970 // * ServiceException 3971 // AWS Organizations can't complete your request because of an internal service 3972 // error. Try again later. 3973 // 3974 // * TooManyRequestsException 3975 // You have sent too many requests in too short a period of time. The quota 3976 // helps protect against denial-of-service attacks. Try again later. 3977 // 3978 // For information about quotas that affect AWS Organizations, see Quotas for 3979 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 3980 // the AWS Organizations User Guide. 3981 // 3982 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount 3983 func (c *Organizations) DescribeAccount(input *DescribeAccountInput) (*DescribeAccountOutput, error) { 3984 req, out := c.DescribeAccountRequest(input) 3985 return out, req.Send() 3986 } 3987 3988 // DescribeAccountWithContext is the same as DescribeAccount with the addition of 3989 // the ability to pass a context and additional request options. 3990 // 3991 // See DescribeAccount for details on how to use this API operation. 3992 // 3993 // The context must be non-nil and will be used for request cancellation. If 3994 // the context is nil a panic will occur. In the future the SDK may create 3995 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3996 // for more information on using Contexts. 3997 func (c *Organizations) DescribeAccountWithContext(ctx aws.Context, input *DescribeAccountInput, opts ...request.Option) (*DescribeAccountOutput, error) { 3998 req, out := c.DescribeAccountRequest(input) 3999 req.SetContext(ctx) 4000 req.ApplyOptions(opts...) 4001 return out, req.Send() 4002 } 4003 4004 const opDescribeCreateAccountStatus = "DescribeCreateAccountStatus" 4005 4006 // DescribeCreateAccountStatusRequest generates a "aws/request.Request" representing the 4007 // client's request for the DescribeCreateAccountStatus operation. The "output" return 4008 // value will be populated with the request's response once the request completes 4009 // successfully. 4010 // 4011 // Use "Send" method on the returned Request to send the API call to the service. 4012 // the "output" return value is not valid until after Send returns without error. 4013 // 4014 // See DescribeCreateAccountStatus for more information on using the DescribeCreateAccountStatus 4015 // API call, and error handling. 4016 // 4017 // This method is useful when you want to inject custom logic or configuration 4018 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 4019 // 4020 // 4021 // // Example sending a request using the DescribeCreateAccountStatusRequest method. 4022 // req, resp := client.DescribeCreateAccountStatusRequest(params) 4023 // 4024 // err := req.Send() 4025 // if err == nil { // resp is now filled 4026 // fmt.Println(resp) 4027 // } 4028 // 4029 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus 4030 func (c *Organizations) DescribeCreateAccountStatusRequest(input *DescribeCreateAccountStatusInput) (req *request.Request, output *DescribeCreateAccountStatusOutput) { 4031 op := &request.Operation{ 4032 Name: opDescribeCreateAccountStatus, 4033 HTTPMethod: "POST", 4034 HTTPPath: "/", 4035 } 4036 4037 if input == nil { 4038 input = &DescribeCreateAccountStatusInput{} 4039 } 4040 4041 output = &DescribeCreateAccountStatusOutput{} 4042 req = c.newRequest(op, input, output) 4043 return 4044 } 4045 4046 // DescribeCreateAccountStatus API operation for AWS Organizations. 4047 // 4048 // Retrieves the current status of an asynchronous request to create an account. 4049 // 4050 // This operation can be called only from the organization's management account 4051 // or by a member account that is a delegated administrator for an AWS service. 4052 // 4053 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4054 // with awserr.Error's Code and Message methods to get detailed information about 4055 // the error. 4056 // 4057 // See the AWS API reference guide for AWS Organizations's 4058 // API operation DescribeCreateAccountStatus for usage and error information. 4059 // 4060 // Returned Error Types: 4061 // * AccessDeniedException 4062 // You don't have permissions to perform the requested operation. The user or 4063 // role that is making the request must have at least one IAM permissions policy 4064 // attached that grants the required permissions. For more information, see 4065 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4066 // in the IAM User Guide. 4067 // 4068 // * AWSOrganizationsNotInUseException 4069 // Your account isn't a member of an organization. To make this request, you 4070 // must use the credentials of an account that belongs to an organization. 4071 // 4072 // * CreateAccountStatusNotFoundException 4073 // We can't find an create account request with the CreateAccountRequestId that 4074 // you specified. 4075 // 4076 // * InvalidInputException 4077 // The requested operation failed because you provided invalid values for one 4078 // or more of the request parameters. This exception includes a reason that 4079 // contains additional information about the violated limit: 4080 // 4081 // Some of the reasons in the following list might not be applicable to this 4082 // specific API or operation. 4083 // 4084 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 4085 // the same entity. 4086 // 4087 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 4088 // can't be modified. 4089 // 4090 // * INPUT_REQUIRED: You must include a value for all required parameters. 4091 // 4092 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 4093 // for the invited account owner. 4094 // 4095 // * INVALID_ENUM: You specified an invalid value. 4096 // 4097 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 4098 // 4099 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 4100 // characters. 4101 // 4102 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 4103 // at least one invalid value. 4104 // 4105 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 4106 // from the response to a previous call of the operation. 4107 // 4108 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 4109 // organization, or email) as a party. 4110 // 4111 // * INVALID_PATTERN: You provided a value that doesn't match the required 4112 // pattern. 4113 // 4114 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 4115 // match the required pattern. 4116 // 4117 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 4118 // name can't begin with the reserved prefix AWSServiceRoleFor. 4119 // 4120 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 4121 // Name (ARN) for the organization. 4122 // 4123 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 4124 // 4125 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 4126 // tag. You can’t add, edit, or delete system tag keys because they're 4127 // reserved for AWS use. System tags don’t count against your tags per 4128 // resource limit. 4129 // 4130 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 4131 // for the operation. 4132 // 4133 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 4134 // than allowed. 4135 // 4136 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 4137 // value than allowed. 4138 // 4139 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 4140 // than allowed. 4141 // 4142 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 4143 // value than allowed. 4144 // 4145 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 4146 // between entities in the same root. 4147 // 4148 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 4149 // target entity. 4150 // 4151 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 4152 // isn't recognized. 4153 // 4154 // * ServiceException 4155 // AWS Organizations can't complete your request because of an internal service 4156 // error. Try again later. 4157 // 4158 // * TooManyRequestsException 4159 // You have sent too many requests in too short a period of time. The quota 4160 // helps protect against denial-of-service attacks. Try again later. 4161 // 4162 // For information about quotas that affect AWS Organizations, see Quotas for 4163 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 4164 // the AWS Organizations User Guide. 4165 // 4166 // * UnsupportedAPIEndpointException 4167 // This action isn't available in the current AWS Region. 4168 // 4169 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus 4170 func (c *Organizations) DescribeCreateAccountStatus(input *DescribeCreateAccountStatusInput) (*DescribeCreateAccountStatusOutput, error) { 4171 req, out := c.DescribeCreateAccountStatusRequest(input) 4172 return out, req.Send() 4173 } 4174 4175 // DescribeCreateAccountStatusWithContext is the same as DescribeCreateAccountStatus with the addition of 4176 // the ability to pass a context and additional request options. 4177 // 4178 // See DescribeCreateAccountStatus for details on how to use this API operation. 4179 // 4180 // The context must be non-nil and will be used for request cancellation. If 4181 // the context is nil a panic will occur. In the future the SDK may create 4182 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4183 // for more information on using Contexts. 4184 func (c *Organizations) DescribeCreateAccountStatusWithContext(ctx aws.Context, input *DescribeCreateAccountStatusInput, opts ...request.Option) (*DescribeCreateAccountStatusOutput, error) { 4185 req, out := c.DescribeCreateAccountStatusRequest(input) 4186 req.SetContext(ctx) 4187 req.ApplyOptions(opts...) 4188 return out, req.Send() 4189 } 4190 4191 const opDescribeEffectivePolicy = "DescribeEffectivePolicy" 4192 4193 // DescribeEffectivePolicyRequest generates a "aws/request.Request" representing the 4194 // client's request for the DescribeEffectivePolicy operation. The "output" return 4195 // value will be populated with the request's response once the request completes 4196 // successfully. 4197 // 4198 // Use "Send" method on the returned Request to send the API call to the service. 4199 // the "output" return value is not valid until after Send returns without error. 4200 // 4201 // See DescribeEffectivePolicy for more information on using the DescribeEffectivePolicy 4202 // API call, and error handling. 4203 // 4204 // This method is useful when you want to inject custom logic or configuration 4205 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 4206 // 4207 // 4208 // // Example sending a request using the DescribeEffectivePolicyRequest method. 4209 // req, resp := client.DescribeEffectivePolicyRequest(params) 4210 // 4211 // err := req.Send() 4212 // if err == nil { // resp is now filled 4213 // fmt.Println(resp) 4214 // } 4215 // 4216 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy 4217 func (c *Organizations) DescribeEffectivePolicyRequest(input *DescribeEffectivePolicyInput) (req *request.Request, output *DescribeEffectivePolicyOutput) { 4218 op := &request.Operation{ 4219 Name: opDescribeEffectivePolicy, 4220 HTTPMethod: "POST", 4221 HTTPPath: "/", 4222 } 4223 4224 if input == nil { 4225 input = &DescribeEffectivePolicyInput{} 4226 } 4227 4228 output = &DescribeEffectivePolicyOutput{} 4229 req = c.newRequest(op, input, output) 4230 return 4231 } 4232 4233 // DescribeEffectivePolicy API operation for AWS Organizations. 4234 // 4235 // Returns the contents of the effective policy for specified policy type and 4236 // account. The effective policy is the aggregation of any policies of the specified 4237 // type that the account inherits, plus any policy of that type that is directly 4238 // attached to the account. 4239 // 4240 // This operation applies only to policy types other than service control policies 4241 // (SCPs). 4242 // 4243 // For more information about policy inheritance, see How Policy Inheritance 4244 // Works (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html) 4245 // in the AWS Organizations User Guide. 4246 // 4247 // This operation can be called only from the organization's management account 4248 // or by a member account that is a delegated administrator for an AWS service. 4249 // 4250 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4251 // with awserr.Error's Code and Message methods to get detailed information about 4252 // the error. 4253 // 4254 // See the AWS API reference guide for AWS Organizations's 4255 // API operation DescribeEffectivePolicy for usage and error information. 4256 // 4257 // Returned Error Types: 4258 // * AccessDeniedException 4259 // You don't have permissions to perform the requested operation. The user or 4260 // role that is making the request must have at least one IAM permissions policy 4261 // attached that grants the required permissions. For more information, see 4262 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4263 // in the IAM User Guide. 4264 // 4265 // * AWSOrganizationsNotInUseException 4266 // Your account isn't a member of an organization. To make this request, you 4267 // must use the credentials of an account that belongs to an organization. 4268 // 4269 // * ConstraintViolationException 4270 // Performing this operation violates a minimum or maximum value limit. For 4271 // example, attempting to remove the last service control policy (SCP) from 4272 // an OU or root, inviting or creating too many accounts to the organization, 4273 // or attaching too many policies to an account, OU, or root. This exception 4274 // includes a reason that contains additional information about the violated 4275 // limit: 4276 // 4277 // Some of the reasons in the following list might not be applicable to this 4278 // specific API or operation. 4279 // 4280 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 4281 // account from the organization. You can't remove the management account. 4282 // Instead, after you remove all member accounts, delete the organization 4283 // itself. 4284 // 4285 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 4286 // from the organization that doesn't yet have enough information to exist 4287 // as a standalone account. This account requires you to first agree to the 4288 // AWS Customer Agreement. Follow the steps at Removing a member account 4289 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 4290 // the AWS Organizations User Guide. 4291 // 4292 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 4293 // an account from the organization that doesn't yet have enough information 4294 // to exist as a standalone account. This account requires you to first complete 4295 // phone verification. Follow the steps at Removing a member account from 4296 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 4297 // in the AWS Organizations User Guide. 4298 // 4299 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 4300 // of accounts that you can create in one day. 4301 // 4302 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 4303 // the number of accounts in an organization. If you need more accounts, 4304 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 4305 // request an increase in your limit. Or the number of invitations that you 4306 // tried to send would cause you to exceed the limit of accounts in your 4307 // organization. Send fewer invitations or contact AWS Support to request 4308 // an increase in the number of accounts. Deleted and closed accounts still 4309 // count toward your limit. If you get this exception when running a command 4310 // immediately after creating the organization, wait one hour and try again. 4311 // After an hour, if the command continues to fail with this error, contact 4312 // AWS Support (https://console.aws.amazon.com/support/home#/). 4313 // 4314 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 4315 // register the management account of the organization as a delegated administrator 4316 // for an AWS service integrated with Organizations. You can designate only 4317 // a member account as a delegated administrator. 4318 // 4319 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 4320 // an account that is registered as a delegated administrator for a service 4321 // integrated with your organization. To complete this operation, you must 4322 // first deregister this account as a delegated administrator. 4323 // 4324 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 4325 // organization in the specified region, you must enable all features mode. 4326 // 4327 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 4328 // an AWS account as a delegated administrator for an AWS service that already 4329 // has a delegated administrator. To complete this operation, you must first 4330 // deregister any existing delegated administrators for this service. 4331 // 4332 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 4333 // valid for a limited period of time. You must resubmit the request and 4334 // generate a new verfication code. 4335 // 4336 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 4337 // handshakes that you can send in one day. 4338 // 4339 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 4340 // in this organization, you first must migrate the organization's management 4341 // account to the marketplace that corresponds to the management account's 4342 // address. For example, accounts with India addresses must be associated 4343 // with the AISPL marketplace. All accounts in an organization must be associated 4344 // with the same marketplace. 4345 // 4346 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 4347 // in China. To create an organization, the master must have a valid business 4348 // license. For more information, contact customer support. 4349 // 4350 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 4351 // must first provide a valid contact address and phone number for the management 4352 // account. Then try the operation again. 4353 // 4354 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 4355 // management account must have an associated account in the AWS GovCloud 4356 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 4357 // in the AWS GovCloud User Guide. 4358 // 4359 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 4360 // with this management account, you first must associate a valid payment 4361 // instrument, such as a credit card, with the account. Follow the steps 4362 // at To leave an organization when all required account information has 4363 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4364 // in the AWS Organizations User Guide. 4365 // 4366 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 4367 // to register more delegated administrators than allowed for the service 4368 // principal. 4369 // 4370 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 4371 // number of policies of a certain type that can be attached to an entity 4372 // at one time. 4373 // 4374 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 4375 // on this resource. 4376 // 4377 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 4378 // with this member account, you first must associate a valid payment instrument, 4379 // such as a credit card, with the account. Follow the steps at To leave 4380 // an organization when all required account information has not yet been 4381 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 4382 // in the AWS Organizations User Guide. 4383 // 4384 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 4385 // policy from an entity that would cause the entity to have fewer than the 4386 // minimum number of policies of a certain type required. 4387 // 4388 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 4389 // that requires the organization to be configured to support all features. 4390 // An organization that supports only consolidated billing features can't 4391 // perform this operation. 4392 // 4393 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 4394 // too many levels deep. 4395 // 4396 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 4397 // that you can have in an organization. 4398 // 4399 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 4400 // is larger than the maximum size. 4401 // 4402 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 4403 // policies that you can have in an organization. 4404 // 4405 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 4406 // tags that are not compliant with the tag policy requirements for this 4407 // account. 4408 // 4409 // * ServiceException 4410 // AWS Organizations can't complete your request because of an internal service 4411 // error. Try again later. 4412 // 4413 // * TooManyRequestsException 4414 // You have sent too many requests in too short a period of time. The quota 4415 // helps protect against denial-of-service attacks. Try again later. 4416 // 4417 // For information about quotas that affect AWS Organizations, see Quotas for 4418 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 4419 // the AWS Organizations User Guide. 4420 // 4421 // * TargetNotFoundException 4422 // We can't find a root, OU, account, or policy with the TargetId that you specified. 4423 // 4424 // * EffectivePolicyNotFoundException 4425 // If you ran this action on the management account, this policy type is not 4426 // enabled. If you ran the action on a member account, the account doesn't have 4427 // an effective policy of this type. Contact the administrator of your organization 4428 // about attaching a policy of this type to the account. 4429 // 4430 // * InvalidInputException 4431 // The requested operation failed because you provided invalid values for one 4432 // or more of the request parameters. This exception includes a reason that 4433 // contains additional information about the violated limit: 4434 // 4435 // Some of the reasons in the following list might not be applicable to this 4436 // specific API or operation. 4437 // 4438 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 4439 // the same entity. 4440 // 4441 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 4442 // can't be modified. 4443 // 4444 // * INPUT_REQUIRED: You must include a value for all required parameters. 4445 // 4446 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 4447 // for the invited account owner. 4448 // 4449 // * INVALID_ENUM: You specified an invalid value. 4450 // 4451 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 4452 // 4453 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 4454 // characters. 4455 // 4456 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 4457 // at least one invalid value. 4458 // 4459 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 4460 // from the response to a previous call of the operation. 4461 // 4462 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 4463 // organization, or email) as a party. 4464 // 4465 // * INVALID_PATTERN: You provided a value that doesn't match the required 4466 // pattern. 4467 // 4468 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 4469 // match the required pattern. 4470 // 4471 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 4472 // name can't begin with the reserved prefix AWSServiceRoleFor. 4473 // 4474 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 4475 // Name (ARN) for the organization. 4476 // 4477 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 4478 // 4479 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 4480 // tag. You can’t add, edit, or delete system tag keys because they're 4481 // reserved for AWS use. System tags don’t count against your tags per 4482 // resource limit. 4483 // 4484 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 4485 // for the operation. 4486 // 4487 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 4488 // than allowed. 4489 // 4490 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 4491 // value than allowed. 4492 // 4493 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 4494 // than allowed. 4495 // 4496 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 4497 // value than allowed. 4498 // 4499 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 4500 // between entities in the same root. 4501 // 4502 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 4503 // target entity. 4504 // 4505 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 4506 // isn't recognized. 4507 // 4508 // * UnsupportedAPIEndpointException 4509 // This action isn't available in the current AWS Region. 4510 // 4511 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy 4512 func (c *Organizations) DescribeEffectivePolicy(input *DescribeEffectivePolicyInput) (*DescribeEffectivePolicyOutput, error) { 4513 req, out := c.DescribeEffectivePolicyRequest(input) 4514 return out, req.Send() 4515 } 4516 4517 // DescribeEffectivePolicyWithContext is the same as DescribeEffectivePolicy with the addition of 4518 // the ability to pass a context and additional request options. 4519 // 4520 // See DescribeEffectivePolicy for details on how to use this API operation. 4521 // 4522 // The context must be non-nil and will be used for request cancellation. If 4523 // the context is nil a panic will occur. In the future the SDK may create 4524 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4525 // for more information on using Contexts. 4526 func (c *Organizations) DescribeEffectivePolicyWithContext(ctx aws.Context, input *DescribeEffectivePolicyInput, opts ...request.Option) (*DescribeEffectivePolicyOutput, error) { 4527 req, out := c.DescribeEffectivePolicyRequest(input) 4528 req.SetContext(ctx) 4529 req.ApplyOptions(opts...) 4530 return out, req.Send() 4531 } 4532 4533 const opDescribeHandshake = "DescribeHandshake" 4534 4535 // DescribeHandshakeRequest generates a "aws/request.Request" representing the 4536 // client's request for the DescribeHandshake operation. The "output" return 4537 // value will be populated with the request's response once the request completes 4538 // successfully. 4539 // 4540 // Use "Send" method on the returned Request to send the API call to the service. 4541 // the "output" return value is not valid until after Send returns without error. 4542 // 4543 // See DescribeHandshake for more information on using the DescribeHandshake 4544 // API call, and error handling. 4545 // 4546 // This method is useful when you want to inject custom logic or configuration 4547 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 4548 // 4549 // 4550 // // Example sending a request using the DescribeHandshakeRequest method. 4551 // req, resp := client.DescribeHandshakeRequest(params) 4552 // 4553 // err := req.Send() 4554 // if err == nil { // resp is now filled 4555 // fmt.Println(resp) 4556 // } 4557 // 4558 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake 4559 func (c *Organizations) DescribeHandshakeRequest(input *DescribeHandshakeInput) (req *request.Request, output *DescribeHandshakeOutput) { 4560 op := &request.Operation{ 4561 Name: opDescribeHandshake, 4562 HTTPMethod: "POST", 4563 HTTPPath: "/", 4564 } 4565 4566 if input == nil { 4567 input = &DescribeHandshakeInput{} 4568 } 4569 4570 output = &DescribeHandshakeOutput{} 4571 req = c.newRequest(op, input, output) 4572 return 4573 } 4574 4575 // DescribeHandshake API operation for AWS Organizations. 4576 // 4577 // Retrieves information about a previously requested handshake. The handshake 4578 // ID comes from the response to the original InviteAccountToOrganization operation 4579 // that generated the handshake. 4580 // 4581 // You can access handshakes that are ACCEPTED, DECLINED, or CANCELED for only 4582 // 30 days after they change to that state. They're then deleted and no longer 4583 // accessible. 4584 // 4585 // This operation can be called from any account in the organization. 4586 // 4587 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4588 // with awserr.Error's Code and Message methods to get detailed information about 4589 // the error. 4590 // 4591 // See the AWS API reference guide for AWS Organizations's 4592 // API operation DescribeHandshake for usage and error information. 4593 // 4594 // Returned Error Types: 4595 // * AccessDeniedException 4596 // You don't have permissions to perform the requested operation. The user or 4597 // role that is making the request must have at least one IAM permissions policy 4598 // attached that grants the required permissions. For more information, see 4599 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4600 // in the IAM User Guide. 4601 // 4602 // * ConcurrentModificationException 4603 // The target of the operation is currently being modified by a different request. 4604 // Try again later. 4605 // 4606 // * HandshakeNotFoundException 4607 // We can't find a handshake with the HandshakeId that you specified. 4608 // 4609 // * InvalidInputException 4610 // The requested operation failed because you provided invalid values for one 4611 // or more of the request parameters. This exception includes a reason that 4612 // contains additional information about the violated limit: 4613 // 4614 // Some of the reasons in the following list might not be applicable to this 4615 // specific API or operation. 4616 // 4617 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 4618 // the same entity. 4619 // 4620 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 4621 // can't be modified. 4622 // 4623 // * INPUT_REQUIRED: You must include a value for all required parameters. 4624 // 4625 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 4626 // for the invited account owner. 4627 // 4628 // * INVALID_ENUM: You specified an invalid value. 4629 // 4630 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 4631 // 4632 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 4633 // characters. 4634 // 4635 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 4636 // at least one invalid value. 4637 // 4638 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 4639 // from the response to a previous call of the operation. 4640 // 4641 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 4642 // organization, or email) as a party. 4643 // 4644 // * INVALID_PATTERN: You provided a value that doesn't match the required 4645 // pattern. 4646 // 4647 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 4648 // match the required pattern. 4649 // 4650 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 4651 // name can't begin with the reserved prefix AWSServiceRoleFor. 4652 // 4653 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 4654 // Name (ARN) for the organization. 4655 // 4656 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 4657 // 4658 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 4659 // tag. You can’t add, edit, or delete system tag keys because they're 4660 // reserved for AWS use. System tags don’t count against your tags per 4661 // resource limit. 4662 // 4663 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 4664 // for the operation. 4665 // 4666 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 4667 // than allowed. 4668 // 4669 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 4670 // value than allowed. 4671 // 4672 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 4673 // than allowed. 4674 // 4675 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 4676 // value than allowed. 4677 // 4678 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 4679 // between entities in the same root. 4680 // 4681 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 4682 // target entity. 4683 // 4684 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 4685 // isn't recognized. 4686 // 4687 // * ServiceException 4688 // AWS Organizations can't complete your request because of an internal service 4689 // error. Try again later. 4690 // 4691 // * TooManyRequestsException 4692 // You have sent too many requests in too short a period of time. The quota 4693 // helps protect against denial-of-service attacks. Try again later. 4694 // 4695 // For information about quotas that affect AWS Organizations, see Quotas for 4696 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 4697 // the AWS Organizations User Guide. 4698 // 4699 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake 4700 func (c *Organizations) DescribeHandshake(input *DescribeHandshakeInput) (*DescribeHandshakeOutput, error) { 4701 req, out := c.DescribeHandshakeRequest(input) 4702 return out, req.Send() 4703 } 4704 4705 // DescribeHandshakeWithContext is the same as DescribeHandshake with the addition of 4706 // the ability to pass a context and additional request options. 4707 // 4708 // See DescribeHandshake for details on how to use this API operation. 4709 // 4710 // The context must be non-nil and will be used for request cancellation. If 4711 // the context is nil a panic will occur. In the future the SDK may create 4712 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4713 // for more information on using Contexts. 4714 func (c *Organizations) DescribeHandshakeWithContext(ctx aws.Context, input *DescribeHandshakeInput, opts ...request.Option) (*DescribeHandshakeOutput, error) { 4715 req, out := c.DescribeHandshakeRequest(input) 4716 req.SetContext(ctx) 4717 req.ApplyOptions(opts...) 4718 return out, req.Send() 4719 } 4720 4721 const opDescribeOrganization = "DescribeOrganization" 4722 4723 // DescribeOrganizationRequest generates a "aws/request.Request" representing the 4724 // client's request for the DescribeOrganization operation. The "output" return 4725 // value will be populated with the request's response once the request completes 4726 // successfully. 4727 // 4728 // Use "Send" method on the returned Request to send the API call to the service. 4729 // the "output" return value is not valid until after Send returns without error. 4730 // 4731 // See DescribeOrganization for more information on using the DescribeOrganization 4732 // API call, and error handling. 4733 // 4734 // This method is useful when you want to inject custom logic or configuration 4735 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 4736 // 4737 // 4738 // // Example sending a request using the DescribeOrganizationRequest method. 4739 // req, resp := client.DescribeOrganizationRequest(params) 4740 // 4741 // err := req.Send() 4742 // if err == nil { // resp is now filled 4743 // fmt.Println(resp) 4744 // } 4745 // 4746 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization 4747 func (c *Organizations) DescribeOrganizationRequest(input *DescribeOrganizationInput) (req *request.Request, output *DescribeOrganizationOutput) { 4748 op := &request.Operation{ 4749 Name: opDescribeOrganization, 4750 HTTPMethod: "POST", 4751 HTTPPath: "/", 4752 } 4753 4754 if input == nil { 4755 input = &DescribeOrganizationInput{} 4756 } 4757 4758 output = &DescribeOrganizationOutput{} 4759 req = c.newRequest(op, input, output) 4760 return 4761 } 4762 4763 // DescribeOrganization API operation for AWS Organizations. 4764 // 4765 // Retrieves information about the organization that the user's account belongs 4766 // to. 4767 // 4768 // This operation can be called from any account in the organization. 4769 // 4770 // Even if a policy type is shown as available in the organization, you can 4771 // disable it separately at the root level with DisablePolicyType. Use ListRoots 4772 // to see the status of policy types for a specified root. 4773 // 4774 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4775 // with awserr.Error's Code and Message methods to get detailed information about 4776 // the error. 4777 // 4778 // See the AWS API reference guide for AWS Organizations's 4779 // API operation DescribeOrganization for usage and error information. 4780 // 4781 // Returned Error Types: 4782 // * AccessDeniedException 4783 // You don't have permissions to perform the requested operation. The user or 4784 // role that is making the request must have at least one IAM permissions policy 4785 // attached that grants the required permissions. For more information, see 4786 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4787 // in the IAM User Guide. 4788 // 4789 // * AWSOrganizationsNotInUseException 4790 // Your account isn't a member of an organization. To make this request, you 4791 // must use the credentials of an account that belongs to an organization. 4792 // 4793 // * ConcurrentModificationException 4794 // The target of the operation is currently being modified by a different request. 4795 // Try again later. 4796 // 4797 // * ServiceException 4798 // AWS Organizations can't complete your request because of an internal service 4799 // error. Try again later. 4800 // 4801 // * TooManyRequestsException 4802 // You have sent too many requests in too short a period of time. The quota 4803 // helps protect against denial-of-service attacks. Try again later. 4804 // 4805 // For information about quotas that affect AWS Organizations, see Quotas for 4806 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 4807 // the AWS Organizations User Guide. 4808 // 4809 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization 4810 func (c *Organizations) DescribeOrganization(input *DescribeOrganizationInput) (*DescribeOrganizationOutput, error) { 4811 req, out := c.DescribeOrganizationRequest(input) 4812 return out, req.Send() 4813 } 4814 4815 // DescribeOrganizationWithContext is the same as DescribeOrganization with the addition of 4816 // the ability to pass a context and additional request options. 4817 // 4818 // See DescribeOrganization for details on how to use this API operation. 4819 // 4820 // The context must be non-nil and will be used for request cancellation. If 4821 // the context is nil a panic will occur. In the future the SDK may create 4822 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4823 // for more information on using Contexts. 4824 func (c *Organizations) DescribeOrganizationWithContext(ctx aws.Context, input *DescribeOrganizationInput, opts ...request.Option) (*DescribeOrganizationOutput, error) { 4825 req, out := c.DescribeOrganizationRequest(input) 4826 req.SetContext(ctx) 4827 req.ApplyOptions(opts...) 4828 return out, req.Send() 4829 } 4830 4831 const opDescribeOrganizationalUnit = "DescribeOrganizationalUnit" 4832 4833 // DescribeOrganizationalUnitRequest generates a "aws/request.Request" representing the 4834 // client's request for the DescribeOrganizationalUnit operation. The "output" return 4835 // value will be populated with the request's response once the request completes 4836 // successfully. 4837 // 4838 // Use "Send" method on the returned Request to send the API call to the service. 4839 // the "output" return value is not valid until after Send returns without error. 4840 // 4841 // See DescribeOrganizationalUnit for more information on using the DescribeOrganizationalUnit 4842 // API call, and error handling. 4843 // 4844 // This method is useful when you want to inject custom logic or configuration 4845 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 4846 // 4847 // 4848 // // Example sending a request using the DescribeOrganizationalUnitRequest method. 4849 // req, resp := client.DescribeOrganizationalUnitRequest(params) 4850 // 4851 // err := req.Send() 4852 // if err == nil { // resp is now filled 4853 // fmt.Println(resp) 4854 // } 4855 // 4856 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit 4857 func (c *Organizations) DescribeOrganizationalUnitRequest(input *DescribeOrganizationalUnitInput) (req *request.Request, output *DescribeOrganizationalUnitOutput) { 4858 op := &request.Operation{ 4859 Name: opDescribeOrganizationalUnit, 4860 HTTPMethod: "POST", 4861 HTTPPath: "/", 4862 } 4863 4864 if input == nil { 4865 input = &DescribeOrganizationalUnitInput{} 4866 } 4867 4868 output = &DescribeOrganizationalUnitOutput{} 4869 req = c.newRequest(op, input, output) 4870 return 4871 } 4872 4873 // DescribeOrganizationalUnit API operation for AWS Organizations. 4874 // 4875 // Retrieves information about an organizational unit (OU). 4876 // 4877 // This operation can be called only from the organization's management account 4878 // or by a member account that is a delegated administrator for an AWS service. 4879 // 4880 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4881 // with awserr.Error's Code and Message methods to get detailed information about 4882 // the error. 4883 // 4884 // See the AWS API reference guide for AWS Organizations's 4885 // API operation DescribeOrganizationalUnit for usage and error information. 4886 // 4887 // Returned Error Types: 4888 // * AccessDeniedException 4889 // You don't have permissions to perform the requested operation. The user or 4890 // role that is making the request must have at least one IAM permissions policy 4891 // attached that grants the required permissions. For more information, see 4892 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 4893 // in the IAM User Guide. 4894 // 4895 // * AWSOrganizationsNotInUseException 4896 // Your account isn't a member of an organization. To make this request, you 4897 // must use the credentials of an account that belongs to an organization. 4898 // 4899 // * InvalidInputException 4900 // The requested operation failed because you provided invalid values for one 4901 // or more of the request parameters. This exception includes a reason that 4902 // contains additional information about the violated limit: 4903 // 4904 // Some of the reasons in the following list might not be applicable to this 4905 // specific API or operation. 4906 // 4907 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 4908 // the same entity. 4909 // 4910 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 4911 // can't be modified. 4912 // 4913 // * INPUT_REQUIRED: You must include a value for all required parameters. 4914 // 4915 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 4916 // for the invited account owner. 4917 // 4918 // * INVALID_ENUM: You specified an invalid value. 4919 // 4920 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 4921 // 4922 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 4923 // characters. 4924 // 4925 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 4926 // at least one invalid value. 4927 // 4928 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 4929 // from the response to a previous call of the operation. 4930 // 4931 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 4932 // organization, or email) as a party. 4933 // 4934 // * INVALID_PATTERN: You provided a value that doesn't match the required 4935 // pattern. 4936 // 4937 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 4938 // match the required pattern. 4939 // 4940 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 4941 // name can't begin with the reserved prefix AWSServiceRoleFor. 4942 // 4943 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 4944 // Name (ARN) for the organization. 4945 // 4946 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 4947 // 4948 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 4949 // tag. You can’t add, edit, or delete system tag keys because they're 4950 // reserved for AWS use. System tags don’t count against your tags per 4951 // resource limit. 4952 // 4953 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 4954 // for the operation. 4955 // 4956 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 4957 // than allowed. 4958 // 4959 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 4960 // value than allowed. 4961 // 4962 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 4963 // than allowed. 4964 // 4965 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 4966 // value than allowed. 4967 // 4968 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 4969 // between entities in the same root. 4970 // 4971 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 4972 // target entity. 4973 // 4974 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 4975 // isn't recognized. 4976 // 4977 // * OrganizationalUnitNotFoundException 4978 // We can't find an OU with the OrganizationalUnitId that you specified. 4979 // 4980 // * ServiceException 4981 // AWS Organizations can't complete your request because of an internal service 4982 // error. Try again later. 4983 // 4984 // * TooManyRequestsException 4985 // You have sent too many requests in too short a period of time. The quota 4986 // helps protect against denial-of-service attacks. Try again later. 4987 // 4988 // For information about quotas that affect AWS Organizations, see Quotas for 4989 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 4990 // the AWS Organizations User Guide. 4991 // 4992 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit 4993 func (c *Organizations) DescribeOrganizationalUnit(input *DescribeOrganizationalUnitInput) (*DescribeOrganizationalUnitOutput, error) { 4994 req, out := c.DescribeOrganizationalUnitRequest(input) 4995 return out, req.Send() 4996 } 4997 4998 // DescribeOrganizationalUnitWithContext is the same as DescribeOrganizationalUnit with the addition of 4999 // the ability to pass a context and additional request options. 5000 // 5001 // See DescribeOrganizationalUnit for details on how to use this API operation. 5002 // 5003 // The context must be non-nil and will be used for request cancellation. If 5004 // the context is nil a panic will occur. In the future the SDK may create 5005 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 5006 // for more information on using Contexts. 5007 func (c *Organizations) DescribeOrganizationalUnitWithContext(ctx aws.Context, input *DescribeOrganizationalUnitInput, opts ...request.Option) (*DescribeOrganizationalUnitOutput, error) { 5008 req, out := c.DescribeOrganizationalUnitRequest(input) 5009 req.SetContext(ctx) 5010 req.ApplyOptions(opts...) 5011 return out, req.Send() 5012 } 5013 5014 const opDescribePolicy = "DescribePolicy" 5015 5016 // DescribePolicyRequest generates a "aws/request.Request" representing the 5017 // client's request for the DescribePolicy operation. The "output" return 5018 // value will be populated with the request's response once the request completes 5019 // successfully. 5020 // 5021 // Use "Send" method on the returned Request to send the API call to the service. 5022 // the "output" return value is not valid until after Send returns without error. 5023 // 5024 // See DescribePolicy for more information on using the DescribePolicy 5025 // API call, and error handling. 5026 // 5027 // This method is useful when you want to inject custom logic or configuration 5028 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 5029 // 5030 // 5031 // // Example sending a request using the DescribePolicyRequest method. 5032 // req, resp := client.DescribePolicyRequest(params) 5033 // 5034 // err := req.Send() 5035 // if err == nil { // resp is now filled 5036 // fmt.Println(resp) 5037 // } 5038 // 5039 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy 5040 func (c *Organizations) DescribePolicyRequest(input *DescribePolicyInput) (req *request.Request, output *DescribePolicyOutput) { 5041 op := &request.Operation{ 5042 Name: opDescribePolicy, 5043 HTTPMethod: "POST", 5044 HTTPPath: "/", 5045 } 5046 5047 if input == nil { 5048 input = &DescribePolicyInput{} 5049 } 5050 5051 output = &DescribePolicyOutput{} 5052 req = c.newRequest(op, input, output) 5053 return 5054 } 5055 5056 // DescribePolicy API operation for AWS Organizations. 5057 // 5058 // Retrieves information about a policy. 5059 // 5060 // This operation can be called only from the organization's management account 5061 // or by a member account that is a delegated administrator for an AWS service. 5062 // 5063 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 5064 // with awserr.Error's Code and Message methods to get detailed information about 5065 // the error. 5066 // 5067 // See the AWS API reference guide for AWS Organizations's 5068 // API operation DescribePolicy for usage and error information. 5069 // 5070 // Returned Error Types: 5071 // * AccessDeniedException 5072 // You don't have permissions to perform the requested operation. The user or 5073 // role that is making the request must have at least one IAM permissions policy 5074 // attached that grants the required permissions. For more information, see 5075 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 5076 // in the IAM User Guide. 5077 // 5078 // * AWSOrganizationsNotInUseException 5079 // Your account isn't a member of an organization. To make this request, you 5080 // must use the credentials of an account that belongs to an organization. 5081 // 5082 // * InvalidInputException 5083 // The requested operation failed because you provided invalid values for one 5084 // or more of the request parameters. This exception includes a reason that 5085 // contains additional information about the violated limit: 5086 // 5087 // Some of the reasons in the following list might not be applicable to this 5088 // specific API or operation. 5089 // 5090 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 5091 // the same entity. 5092 // 5093 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 5094 // can't be modified. 5095 // 5096 // * INPUT_REQUIRED: You must include a value for all required parameters. 5097 // 5098 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 5099 // for the invited account owner. 5100 // 5101 // * INVALID_ENUM: You specified an invalid value. 5102 // 5103 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 5104 // 5105 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 5106 // characters. 5107 // 5108 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 5109 // at least one invalid value. 5110 // 5111 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 5112 // from the response to a previous call of the operation. 5113 // 5114 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 5115 // organization, or email) as a party. 5116 // 5117 // * INVALID_PATTERN: You provided a value that doesn't match the required 5118 // pattern. 5119 // 5120 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 5121 // match the required pattern. 5122 // 5123 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 5124 // name can't begin with the reserved prefix AWSServiceRoleFor. 5125 // 5126 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 5127 // Name (ARN) for the organization. 5128 // 5129 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 5130 // 5131 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 5132 // tag. You can’t add, edit, or delete system tag keys because they're 5133 // reserved for AWS use. System tags don’t count against your tags per 5134 // resource limit. 5135 // 5136 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 5137 // for the operation. 5138 // 5139 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 5140 // than allowed. 5141 // 5142 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 5143 // value than allowed. 5144 // 5145 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 5146 // than allowed. 5147 // 5148 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 5149 // value than allowed. 5150 // 5151 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 5152 // between entities in the same root. 5153 // 5154 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 5155 // target entity. 5156 // 5157 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 5158 // isn't recognized. 5159 // 5160 // * PolicyNotFoundException 5161 // We can't find a policy with the PolicyId that you specified. 5162 // 5163 // * ServiceException 5164 // AWS Organizations can't complete your request because of an internal service 5165 // error. Try again later. 5166 // 5167 // * TooManyRequestsException 5168 // You have sent too many requests in too short a period of time. The quota 5169 // helps protect against denial-of-service attacks. Try again later. 5170 // 5171 // For information about quotas that affect AWS Organizations, see Quotas for 5172 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 5173 // the AWS Organizations User Guide. 5174 // 5175 // * UnsupportedAPIEndpointException 5176 // This action isn't available in the current AWS Region. 5177 // 5178 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy 5179 func (c *Organizations) DescribePolicy(input *DescribePolicyInput) (*DescribePolicyOutput, error) { 5180 req, out := c.DescribePolicyRequest(input) 5181 return out, req.Send() 5182 } 5183 5184 // DescribePolicyWithContext is the same as DescribePolicy with the addition of 5185 // the ability to pass a context and additional request options. 5186 // 5187 // See DescribePolicy for details on how to use this API operation. 5188 // 5189 // The context must be non-nil and will be used for request cancellation. If 5190 // the context is nil a panic will occur. In the future the SDK may create 5191 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 5192 // for more information on using Contexts. 5193 func (c *Organizations) DescribePolicyWithContext(ctx aws.Context, input *DescribePolicyInput, opts ...request.Option) (*DescribePolicyOutput, error) { 5194 req, out := c.DescribePolicyRequest(input) 5195 req.SetContext(ctx) 5196 req.ApplyOptions(opts...) 5197 return out, req.Send() 5198 } 5199 5200 const opDetachPolicy = "DetachPolicy" 5201 5202 // DetachPolicyRequest generates a "aws/request.Request" representing the 5203 // client's request for the DetachPolicy operation. The "output" return 5204 // value will be populated with the request's response once the request completes 5205 // successfully. 5206 // 5207 // Use "Send" method on the returned Request to send the API call to the service. 5208 // the "output" return value is not valid until after Send returns without error. 5209 // 5210 // See DetachPolicy for more information on using the DetachPolicy 5211 // API call, and error handling. 5212 // 5213 // This method is useful when you want to inject custom logic or configuration 5214 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 5215 // 5216 // 5217 // // Example sending a request using the DetachPolicyRequest method. 5218 // req, resp := client.DetachPolicyRequest(params) 5219 // 5220 // err := req.Send() 5221 // if err == nil { // resp is now filled 5222 // fmt.Println(resp) 5223 // } 5224 // 5225 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy 5226 func (c *Organizations) DetachPolicyRequest(input *DetachPolicyInput) (req *request.Request, output *DetachPolicyOutput) { 5227 op := &request.Operation{ 5228 Name: opDetachPolicy, 5229 HTTPMethod: "POST", 5230 HTTPPath: "/", 5231 } 5232 5233 if input == nil { 5234 input = &DetachPolicyInput{} 5235 } 5236 5237 output = &DetachPolicyOutput{} 5238 req = c.newRequest(op, input, output) 5239 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 5240 return 5241 } 5242 5243 // DetachPolicy API operation for AWS Organizations. 5244 // 5245 // Detaches a policy from a target root, organizational unit (OU), or account. 5246 // 5247 // If the policy being detached is a service control policy (SCP), the changes 5248 // to permissions for AWS Identity and Access Management (IAM) users and roles 5249 // in affected accounts are immediate. 5250 // 5251 // Every root, OU, and account must have at least one SCP attached. If you want 5252 // to replace the default FullAWSAccess policy with an SCP that limits the permissions 5253 // that can be delegated, you must attach the replacement SCP before you can 5254 // remove the default SCP. This is the authorization strategy of an "allow list 5255 // (https://docs.aws.amazon.com/organizations/latest/userguide/SCP_strategies.html#orgs_policies_allowlist)". 5256 // If you instead attach a second SCP and leave the FullAWSAccess SCP still 5257 // attached, and specify "Effect": "Deny" in the second SCP to override the 5258 // "Effect": "Allow" in the FullAWSAccess policy (or any other attached SCP), 5259 // you're using the authorization strategy of a "deny list (https://docs.aws.amazon.com/organizations/latest/userguide/SCP_strategies.html#orgs_policies_denylist)". 5260 // 5261 // This operation can be called only from the organization's management account. 5262 // 5263 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 5264 // with awserr.Error's Code and Message methods to get detailed information about 5265 // the error. 5266 // 5267 // See the AWS API reference guide for AWS Organizations's 5268 // API operation DetachPolicy for usage and error information. 5269 // 5270 // Returned Error Types: 5271 // * AccessDeniedException 5272 // You don't have permissions to perform the requested operation. The user or 5273 // role that is making the request must have at least one IAM permissions policy 5274 // attached that grants the required permissions. For more information, see 5275 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 5276 // in the IAM User Guide. 5277 // 5278 // * AWSOrganizationsNotInUseException 5279 // Your account isn't a member of an organization. To make this request, you 5280 // must use the credentials of an account that belongs to an organization. 5281 // 5282 // * ConcurrentModificationException 5283 // The target of the operation is currently being modified by a different request. 5284 // Try again later. 5285 // 5286 // * ConstraintViolationException 5287 // Performing this operation violates a minimum or maximum value limit. For 5288 // example, attempting to remove the last service control policy (SCP) from 5289 // an OU or root, inviting or creating too many accounts to the organization, 5290 // or attaching too many policies to an account, OU, or root. This exception 5291 // includes a reason that contains additional information about the violated 5292 // limit: 5293 // 5294 // Some of the reasons in the following list might not be applicable to this 5295 // specific API or operation. 5296 // 5297 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 5298 // account from the organization. You can't remove the management account. 5299 // Instead, after you remove all member accounts, delete the organization 5300 // itself. 5301 // 5302 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 5303 // from the organization that doesn't yet have enough information to exist 5304 // as a standalone account. This account requires you to first agree to the 5305 // AWS Customer Agreement. Follow the steps at Removing a member account 5306 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 5307 // the AWS Organizations User Guide. 5308 // 5309 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 5310 // an account from the organization that doesn't yet have enough information 5311 // to exist as a standalone account. This account requires you to first complete 5312 // phone verification. Follow the steps at Removing a member account from 5313 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 5314 // in the AWS Organizations User Guide. 5315 // 5316 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 5317 // of accounts that you can create in one day. 5318 // 5319 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 5320 // the number of accounts in an organization. If you need more accounts, 5321 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 5322 // request an increase in your limit. Or the number of invitations that you 5323 // tried to send would cause you to exceed the limit of accounts in your 5324 // organization. Send fewer invitations or contact AWS Support to request 5325 // an increase in the number of accounts. Deleted and closed accounts still 5326 // count toward your limit. If you get this exception when running a command 5327 // immediately after creating the organization, wait one hour and try again. 5328 // After an hour, if the command continues to fail with this error, contact 5329 // AWS Support (https://console.aws.amazon.com/support/home#/). 5330 // 5331 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 5332 // register the management account of the organization as a delegated administrator 5333 // for an AWS service integrated with Organizations. You can designate only 5334 // a member account as a delegated administrator. 5335 // 5336 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 5337 // an account that is registered as a delegated administrator for a service 5338 // integrated with your organization. To complete this operation, you must 5339 // first deregister this account as a delegated administrator. 5340 // 5341 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 5342 // organization in the specified region, you must enable all features mode. 5343 // 5344 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 5345 // an AWS account as a delegated administrator for an AWS service that already 5346 // has a delegated administrator. To complete this operation, you must first 5347 // deregister any existing delegated administrators for this service. 5348 // 5349 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 5350 // valid for a limited period of time. You must resubmit the request and 5351 // generate a new verfication code. 5352 // 5353 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 5354 // handshakes that you can send in one day. 5355 // 5356 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 5357 // in this organization, you first must migrate the organization's management 5358 // account to the marketplace that corresponds to the management account's 5359 // address. For example, accounts with India addresses must be associated 5360 // with the AISPL marketplace. All accounts in an organization must be associated 5361 // with the same marketplace. 5362 // 5363 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 5364 // in China. To create an organization, the master must have a valid business 5365 // license. For more information, contact customer support. 5366 // 5367 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 5368 // must first provide a valid contact address and phone number for the management 5369 // account. Then try the operation again. 5370 // 5371 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 5372 // management account must have an associated account in the AWS GovCloud 5373 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 5374 // in the AWS GovCloud User Guide. 5375 // 5376 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 5377 // with this management account, you first must associate a valid payment 5378 // instrument, such as a credit card, with the account. Follow the steps 5379 // at To leave an organization when all required account information has 5380 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5381 // in the AWS Organizations User Guide. 5382 // 5383 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 5384 // to register more delegated administrators than allowed for the service 5385 // principal. 5386 // 5387 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 5388 // number of policies of a certain type that can be attached to an entity 5389 // at one time. 5390 // 5391 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 5392 // on this resource. 5393 // 5394 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 5395 // with this member account, you first must associate a valid payment instrument, 5396 // such as a credit card, with the account. Follow the steps at To leave 5397 // an organization when all required account information has not yet been 5398 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5399 // in the AWS Organizations User Guide. 5400 // 5401 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 5402 // policy from an entity that would cause the entity to have fewer than the 5403 // minimum number of policies of a certain type required. 5404 // 5405 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 5406 // that requires the organization to be configured to support all features. 5407 // An organization that supports only consolidated billing features can't 5408 // perform this operation. 5409 // 5410 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 5411 // too many levels deep. 5412 // 5413 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 5414 // that you can have in an organization. 5415 // 5416 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 5417 // is larger than the maximum size. 5418 // 5419 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 5420 // policies that you can have in an organization. 5421 // 5422 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 5423 // tags that are not compliant with the tag policy requirements for this 5424 // account. 5425 // 5426 // * InvalidInputException 5427 // The requested operation failed because you provided invalid values for one 5428 // or more of the request parameters. This exception includes a reason that 5429 // contains additional information about the violated limit: 5430 // 5431 // Some of the reasons in the following list might not be applicable to this 5432 // specific API or operation. 5433 // 5434 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 5435 // the same entity. 5436 // 5437 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 5438 // can't be modified. 5439 // 5440 // * INPUT_REQUIRED: You must include a value for all required parameters. 5441 // 5442 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 5443 // for the invited account owner. 5444 // 5445 // * INVALID_ENUM: You specified an invalid value. 5446 // 5447 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 5448 // 5449 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 5450 // characters. 5451 // 5452 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 5453 // at least one invalid value. 5454 // 5455 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 5456 // from the response to a previous call of the operation. 5457 // 5458 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 5459 // organization, or email) as a party. 5460 // 5461 // * INVALID_PATTERN: You provided a value that doesn't match the required 5462 // pattern. 5463 // 5464 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 5465 // match the required pattern. 5466 // 5467 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 5468 // name can't begin with the reserved prefix AWSServiceRoleFor. 5469 // 5470 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 5471 // Name (ARN) for the organization. 5472 // 5473 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 5474 // 5475 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 5476 // tag. You can’t add, edit, or delete system tag keys because they're 5477 // reserved for AWS use. System tags don’t count against your tags per 5478 // resource limit. 5479 // 5480 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 5481 // for the operation. 5482 // 5483 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 5484 // than allowed. 5485 // 5486 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 5487 // value than allowed. 5488 // 5489 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 5490 // than allowed. 5491 // 5492 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 5493 // value than allowed. 5494 // 5495 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 5496 // between entities in the same root. 5497 // 5498 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 5499 // target entity. 5500 // 5501 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 5502 // isn't recognized. 5503 // 5504 // * PolicyNotAttachedException 5505 // The policy isn't attached to the specified target in the specified root. 5506 // 5507 // * PolicyNotFoundException 5508 // We can't find a policy with the PolicyId that you specified. 5509 // 5510 // * ServiceException 5511 // AWS Organizations can't complete your request because of an internal service 5512 // error. Try again later. 5513 // 5514 // * TargetNotFoundException 5515 // We can't find a root, OU, account, or policy with the TargetId that you specified. 5516 // 5517 // * TooManyRequestsException 5518 // You have sent too many requests in too short a period of time. The quota 5519 // helps protect against denial-of-service attacks. Try again later. 5520 // 5521 // For information about quotas that affect AWS Organizations, see Quotas for 5522 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 5523 // the AWS Organizations User Guide. 5524 // 5525 // * UnsupportedAPIEndpointException 5526 // This action isn't available in the current AWS Region. 5527 // 5528 // * PolicyChangesInProgressException 5529 // Changes to the effective policy are in progress, and its contents can't be 5530 // returned. Try the operation again later. 5531 // 5532 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy 5533 func (c *Organizations) DetachPolicy(input *DetachPolicyInput) (*DetachPolicyOutput, error) { 5534 req, out := c.DetachPolicyRequest(input) 5535 return out, req.Send() 5536 } 5537 5538 // DetachPolicyWithContext is the same as DetachPolicy with the addition of 5539 // the ability to pass a context and additional request options. 5540 // 5541 // See DetachPolicy for details on how to use this API operation. 5542 // 5543 // The context must be non-nil and will be used for request cancellation. If 5544 // the context is nil a panic will occur. In the future the SDK may create 5545 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 5546 // for more information on using Contexts. 5547 func (c *Organizations) DetachPolicyWithContext(ctx aws.Context, input *DetachPolicyInput, opts ...request.Option) (*DetachPolicyOutput, error) { 5548 req, out := c.DetachPolicyRequest(input) 5549 req.SetContext(ctx) 5550 req.ApplyOptions(opts...) 5551 return out, req.Send() 5552 } 5553 5554 const opDisableAWSServiceAccess = "DisableAWSServiceAccess" 5555 5556 // DisableAWSServiceAccessRequest generates a "aws/request.Request" representing the 5557 // client's request for the DisableAWSServiceAccess operation. The "output" return 5558 // value will be populated with the request's response once the request completes 5559 // successfully. 5560 // 5561 // Use "Send" method on the returned Request to send the API call to the service. 5562 // the "output" return value is not valid until after Send returns without error. 5563 // 5564 // See DisableAWSServiceAccess for more information on using the DisableAWSServiceAccess 5565 // API call, and error handling. 5566 // 5567 // This method is useful when you want to inject custom logic or configuration 5568 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 5569 // 5570 // 5571 // // Example sending a request using the DisableAWSServiceAccessRequest method. 5572 // req, resp := client.DisableAWSServiceAccessRequest(params) 5573 // 5574 // err := req.Send() 5575 // if err == nil { // resp is now filled 5576 // fmt.Println(resp) 5577 // } 5578 // 5579 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisableAWSServiceAccess 5580 func (c *Organizations) DisableAWSServiceAccessRequest(input *DisableAWSServiceAccessInput) (req *request.Request, output *DisableAWSServiceAccessOutput) { 5581 op := &request.Operation{ 5582 Name: opDisableAWSServiceAccess, 5583 HTTPMethod: "POST", 5584 HTTPPath: "/", 5585 } 5586 5587 if input == nil { 5588 input = &DisableAWSServiceAccessInput{} 5589 } 5590 5591 output = &DisableAWSServiceAccessOutput{} 5592 req = c.newRequest(op, input, output) 5593 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 5594 return 5595 } 5596 5597 // DisableAWSServiceAccess API operation for AWS Organizations. 5598 // 5599 // Disables the integration of an AWS service (the service that is specified 5600 // by ServicePrincipal) with AWS Organizations. When you disable integration, 5601 // the specified service no longer can create a service-linked role (http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) 5602 // in new accounts in your organization. This means the service can't perform 5603 // operations on your behalf on any new accounts in your organization. The service 5604 // can still perform operations in older accounts until the service completes 5605 // its clean-up from AWS Organizations. 5606 // 5607 // We strongly recommend that you don't use this command to disable integration 5608 // between AWS Organizations and the specified AWS service. Instead, use the 5609 // console or commands that are provided by the specified service. This lets 5610 // the trusted service perform any required initialization when enabling trusted 5611 // access, such as creating any required resources and any required clean up 5612 // of resources when disabling trusted access. 5613 // 5614 // For information about how to disable trusted service access to your organization 5615 // using the trusted service, see the Learn more link under the Supports Trusted 5616 // Access column at AWS services that you can use with AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html). 5617 // on this page. 5618 // 5619 // If you disable access by using this command, it causes the following actions 5620 // to occur: 5621 // 5622 // * The service can no longer create a service-linked role in the accounts 5623 // in your organization. This means that the service can't perform operations 5624 // on your behalf on any new accounts in your organization. The service can 5625 // still perform operations in older accounts until the service completes 5626 // its clean-up from AWS Organizations. 5627 // 5628 // * The service can no longer perform tasks in the member accounts in the 5629 // organization, unless those operations are explicitly permitted by the 5630 // IAM policies that are attached to your roles. This includes any data aggregation 5631 // from the member accounts to the management account, or to a delegated 5632 // administrator account, where relevant. 5633 // 5634 // * Some services detect this and clean up any remaining data or resources 5635 // related to the integration, while other services stop accessing the organization 5636 // but leave any historical data and configuration in place to support a 5637 // possible re-enabling of the integration. 5638 // 5639 // Using the other service's console or commands to disable the integration 5640 // ensures that the other service is aware that it can clean up any resources 5641 // that are required only for the integration. How the service cleans up its 5642 // resources in the organization's accounts depends on that service. For more 5643 // information, see the documentation for the other AWS service. 5644 // 5645 // After you perform the DisableAWSServiceAccess operation, the specified service 5646 // can no longer perform operations in your organization's accounts 5647 // 5648 // For more information about integrating other services with AWS Organizations, 5649 // including the list of services that work with Organizations, see Integrating 5650 // AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html) 5651 // in the AWS Organizations User Guide. 5652 // 5653 // This operation can be called only from the organization's management account. 5654 // 5655 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 5656 // with awserr.Error's Code and Message methods to get detailed information about 5657 // the error. 5658 // 5659 // See the AWS API reference guide for AWS Organizations's 5660 // API operation DisableAWSServiceAccess for usage and error information. 5661 // 5662 // Returned Error Types: 5663 // * AccessDeniedException 5664 // You don't have permissions to perform the requested operation. The user or 5665 // role that is making the request must have at least one IAM permissions policy 5666 // attached that grants the required permissions. For more information, see 5667 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 5668 // in the IAM User Guide. 5669 // 5670 // * AWSOrganizationsNotInUseException 5671 // Your account isn't a member of an organization. To make this request, you 5672 // must use the credentials of an account that belongs to an organization. 5673 // 5674 // * ConcurrentModificationException 5675 // The target of the operation is currently being modified by a different request. 5676 // Try again later. 5677 // 5678 // * ConstraintViolationException 5679 // Performing this operation violates a minimum or maximum value limit. For 5680 // example, attempting to remove the last service control policy (SCP) from 5681 // an OU or root, inviting or creating too many accounts to the organization, 5682 // or attaching too many policies to an account, OU, or root. This exception 5683 // includes a reason that contains additional information about the violated 5684 // limit: 5685 // 5686 // Some of the reasons in the following list might not be applicable to this 5687 // specific API or operation. 5688 // 5689 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 5690 // account from the organization. You can't remove the management account. 5691 // Instead, after you remove all member accounts, delete the organization 5692 // itself. 5693 // 5694 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 5695 // from the organization that doesn't yet have enough information to exist 5696 // as a standalone account. This account requires you to first agree to the 5697 // AWS Customer Agreement. Follow the steps at Removing a member account 5698 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 5699 // the AWS Organizations User Guide. 5700 // 5701 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 5702 // an account from the organization that doesn't yet have enough information 5703 // to exist as a standalone account. This account requires you to first complete 5704 // phone verification. Follow the steps at Removing a member account from 5705 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 5706 // in the AWS Organizations User Guide. 5707 // 5708 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 5709 // of accounts that you can create in one day. 5710 // 5711 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 5712 // the number of accounts in an organization. If you need more accounts, 5713 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 5714 // request an increase in your limit. Or the number of invitations that you 5715 // tried to send would cause you to exceed the limit of accounts in your 5716 // organization. Send fewer invitations or contact AWS Support to request 5717 // an increase in the number of accounts. Deleted and closed accounts still 5718 // count toward your limit. If you get this exception when running a command 5719 // immediately after creating the organization, wait one hour and try again. 5720 // After an hour, if the command continues to fail with this error, contact 5721 // AWS Support (https://console.aws.amazon.com/support/home#/). 5722 // 5723 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 5724 // register the management account of the organization as a delegated administrator 5725 // for an AWS service integrated with Organizations. You can designate only 5726 // a member account as a delegated administrator. 5727 // 5728 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 5729 // an account that is registered as a delegated administrator for a service 5730 // integrated with your organization. To complete this operation, you must 5731 // first deregister this account as a delegated administrator. 5732 // 5733 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 5734 // organization in the specified region, you must enable all features mode. 5735 // 5736 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 5737 // an AWS account as a delegated administrator for an AWS service that already 5738 // has a delegated administrator. To complete this operation, you must first 5739 // deregister any existing delegated administrators for this service. 5740 // 5741 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 5742 // valid for a limited period of time. You must resubmit the request and 5743 // generate a new verfication code. 5744 // 5745 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 5746 // handshakes that you can send in one day. 5747 // 5748 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 5749 // in this organization, you first must migrate the organization's management 5750 // account to the marketplace that corresponds to the management account's 5751 // address. For example, accounts with India addresses must be associated 5752 // with the AISPL marketplace. All accounts in an organization must be associated 5753 // with the same marketplace. 5754 // 5755 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 5756 // in China. To create an organization, the master must have a valid business 5757 // license. For more information, contact customer support. 5758 // 5759 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 5760 // must first provide a valid contact address and phone number for the management 5761 // account. Then try the operation again. 5762 // 5763 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 5764 // management account must have an associated account in the AWS GovCloud 5765 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 5766 // in the AWS GovCloud User Guide. 5767 // 5768 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 5769 // with this management account, you first must associate a valid payment 5770 // instrument, such as a credit card, with the account. Follow the steps 5771 // at To leave an organization when all required account information has 5772 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5773 // in the AWS Organizations User Guide. 5774 // 5775 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 5776 // to register more delegated administrators than allowed for the service 5777 // principal. 5778 // 5779 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 5780 // number of policies of a certain type that can be attached to an entity 5781 // at one time. 5782 // 5783 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 5784 // on this resource. 5785 // 5786 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 5787 // with this member account, you first must associate a valid payment instrument, 5788 // such as a credit card, with the account. Follow the steps at To leave 5789 // an organization when all required account information has not yet been 5790 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 5791 // in the AWS Organizations User Guide. 5792 // 5793 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 5794 // policy from an entity that would cause the entity to have fewer than the 5795 // minimum number of policies of a certain type required. 5796 // 5797 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 5798 // that requires the organization to be configured to support all features. 5799 // An organization that supports only consolidated billing features can't 5800 // perform this operation. 5801 // 5802 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 5803 // too many levels deep. 5804 // 5805 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 5806 // that you can have in an organization. 5807 // 5808 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 5809 // is larger than the maximum size. 5810 // 5811 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 5812 // policies that you can have in an organization. 5813 // 5814 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 5815 // tags that are not compliant with the tag policy requirements for this 5816 // account. 5817 // 5818 // * InvalidInputException 5819 // The requested operation failed because you provided invalid values for one 5820 // or more of the request parameters. This exception includes a reason that 5821 // contains additional information about the violated limit: 5822 // 5823 // Some of the reasons in the following list might not be applicable to this 5824 // specific API or operation. 5825 // 5826 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 5827 // the same entity. 5828 // 5829 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 5830 // can't be modified. 5831 // 5832 // * INPUT_REQUIRED: You must include a value for all required parameters. 5833 // 5834 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 5835 // for the invited account owner. 5836 // 5837 // * INVALID_ENUM: You specified an invalid value. 5838 // 5839 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 5840 // 5841 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 5842 // characters. 5843 // 5844 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 5845 // at least one invalid value. 5846 // 5847 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 5848 // from the response to a previous call of the operation. 5849 // 5850 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 5851 // organization, or email) as a party. 5852 // 5853 // * INVALID_PATTERN: You provided a value that doesn't match the required 5854 // pattern. 5855 // 5856 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 5857 // match the required pattern. 5858 // 5859 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 5860 // name can't begin with the reserved prefix AWSServiceRoleFor. 5861 // 5862 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 5863 // Name (ARN) for the organization. 5864 // 5865 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 5866 // 5867 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 5868 // tag. You can’t add, edit, or delete system tag keys because they're 5869 // reserved for AWS use. System tags don’t count against your tags per 5870 // resource limit. 5871 // 5872 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 5873 // for the operation. 5874 // 5875 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 5876 // than allowed. 5877 // 5878 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 5879 // value than allowed. 5880 // 5881 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 5882 // than allowed. 5883 // 5884 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 5885 // value than allowed. 5886 // 5887 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 5888 // between entities in the same root. 5889 // 5890 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 5891 // target entity. 5892 // 5893 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 5894 // isn't recognized. 5895 // 5896 // * ServiceException 5897 // AWS Organizations can't complete your request because of an internal service 5898 // error. Try again later. 5899 // 5900 // * TooManyRequestsException 5901 // You have sent too many requests in too short a period of time. The quota 5902 // helps protect against denial-of-service attacks. Try again later. 5903 // 5904 // For information about quotas that affect AWS Organizations, see Quotas for 5905 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 5906 // the AWS Organizations User Guide. 5907 // 5908 // * UnsupportedAPIEndpointException 5909 // This action isn't available in the current AWS Region. 5910 // 5911 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisableAWSServiceAccess 5912 func (c *Organizations) DisableAWSServiceAccess(input *DisableAWSServiceAccessInput) (*DisableAWSServiceAccessOutput, error) { 5913 req, out := c.DisableAWSServiceAccessRequest(input) 5914 return out, req.Send() 5915 } 5916 5917 // DisableAWSServiceAccessWithContext is the same as DisableAWSServiceAccess with the addition of 5918 // the ability to pass a context and additional request options. 5919 // 5920 // See DisableAWSServiceAccess for details on how to use this API operation. 5921 // 5922 // The context must be non-nil and will be used for request cancellation. If 5923 // the context is nil a panic will occur. In the future the SDK may create 5924 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 5925 // for more information on using Contexts. 5926 func (c *Organizations) DisableAWSServiceAccessWithContext(ctx aws.Context, input *DisableAWSServiceAccessInput, opts ...request.Option) (*DisableAWSServiceAccessOutput, error) { 5927 req, out := c.DisableAWSServiceAccessRequest(input) 5928 req.SetContext(ctx) 5929 req.ApplyOptions(opts...) 5930 return out, req.Send() 5931 } 5932 5933 const opDisablePolicyType = "DisablePolicyType" 5934 5935 // DisablePolicyTypeRequest generates a "aws/request.Request" representing the 5936 // client's request for the DisablePolicyType operation. The "output" return 5937 // value will be populated with the request's response once the request completes 5938 // successfully. 5939 // 5940 // Use "Send" method on the returned Request to send the API call to the service. 5941 // the "output" return value is not valid until after Send returns without error. 5942 // 5943 // See DisablePolicyType for more information on using the DisablePolicyType 5944 // API call, and error handling. 5945 // 5946 // This method is useful when you want to inject custom logic or configuration 5947 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 5948 // 5949 // 5950 // // Example sending a request using the DisablePolicyTypeRequest method. 5951 // req, resp := client.DisablePolicyTypeRequest(params) 5952 // 5953 // err := req.Send() 5954 // if err == nil { // resp is now filled 5955 // fmt.Println(resp) 5956 // } 5957 // 5958 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType 5959 func (c *Organizations) DisablePolicyTypeRequest(input *DisablePolicyTypeInput) (req *request.Request, output *DisablePolicyTypeOutput) { 5960 op := &request.Operation{ 5961 Name: opDisablePolicyType, 5962 HTTPMethod: "POST", 5963 HTTPPath: "/", 5964 } 5965 5966 if input == nil { 5967 input = &DisablePolicyTypeInput{} 5968 } 5969 5970 output = &DisablePolicyTypeOutput{} 5971 req = c.newRequest(op, input, output) 5972 return 5973 } 5974 5975 // DisablePolicyType API operation for AWS Organizations. 5976 // 5977 // Disables an organizational policy type in a root. A policy of a certain type 5978 // can be attached to entities in a root only if that type is enabled in the 5979 // root. After you perform this operation, you no longer can attach policies 5980 // of the specified type to that root or to any organizational unit (OU) or 5981 // account in that root. You can undo this by using the EnablePolicyType operation. 5982 // 5983 // This is an asynchronous request that AWS performs in the background. If you 5984 // disable a policy type for a root, it still appears enabled for the organization 5985 // if all features (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 5986 // are enabled for the organization. AWS recommends that you first use ListRoots 5987 // to see the status of policy types for a specified root, and then use this 5988 // operation. 5989 // 5990 // This operation can be called only from the organization's management account. 5991 // 5992 // To view the status of available policy types in the organization, use DescribeOrganization. 5993 // 5994 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 5995 // with awserr.Error's Code and Message methods to get detailed information about 5996 // the error. 5997 // 5998 // See the AWS API reference guide for AWS Organizations's 5999 // API operation DisablePolicyType for usage and error information. 6000 // 6001 // Returned Error Types: 6002 // * AccessDeniedException 6003 // You don't have permissions to perform the requested operation. The user or 6004 // role that is making the request must have at least one IAM permissions policy 6005 // attached that grants the required permissions. For more information, see 6006 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 6007 // in the IAM User Guide. 6008 // 6009 // * AWSOrganizationsNotInUseException 6010 // Your account isn't a member of an organization. To make this request, you 6011 // must use the credentials of an account that belongs to an organization. 6012 // 6013 // * ConcurrentModificationException 6014 // The target of the operation is currently being modified by a different request. 6015 // Try again later. 6016 // 6017 // * ConstraintViolationException 6018 // Performing this operation violates a minimum or maximum value limit. For 6019 // example, attempting to remove the last service control policy (SCP) from 6020 // an OU or root, inviting or creating too many accounts to the organization, 6021 // or attaching too many policies to an account, OU, or root. This exception 6022 // includes a reason that contains additional information about the violated 6023 // limit: 6024 // 6025 // Some of the reasons in the following list might not be applicable to this 6026 // specific API or operation. 6027 // 6028 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 6029 // account from the organization. You can't remove the management account. 6030 // Instead, after you remove all member accounts, delete the organization 6031 // itself. 6032 // 6033 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 6034 // from the organization that doesn't yet have enough information to exist 6035 // as a standalone account. This account requires you to first agree to the 6036 // AWS Customer Agreement. Follow the steps at Removing a member account 6037 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 6038 // the AWS Organizations User Guide. 6039 // 6040 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 6041 // an account from the organization that doesn't yet have enough information 6042 // to exist as a standalone account. This account requires you to first complete 6043 // phone verification. Follow the steps at Removing a member account from 6044 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 6045 // in the AWS Organizations User Guide. 6046 // 6047 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 6048 // of accounts that you can create in one day. 6049 // 6050 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 6051 // the number of accounts in an organization. If you need more accounts, 6052 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 6053 // request an increase in your limit. Or the number of invitations that you 6054 // tried to send would cause you to exceed the limit of accounts in your 6055 // organization. Send fewer invitations or contact AWS Support to request 6056 // an increase in the number of accounts. Deleted and closed accounts still 6057 // count toward your limit. If you get this exception when running a command 6058 // immediately after creating the organization, wait one hour and try again. 6059 // After an hour, if the command continues to fail with this error, contact 6060 // AWS Support (https://console.aws.amazon.com/support/home#/). 6061 // 6062 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 6063 // register the management account of the organization as a delegated administrator 6064 // for an AWS service integrated with Organizations. You can designate only 6065 // a member account as a delegated administrator. 6066 // 6067 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 6068 // an account that is registered as a delegated administrator for a service 6069 // integrated with your organization. To complete this operation, you must 6070 // first deregister this account as a delegated administrator. 6071 // 6072 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 6073 // organization in the specified region, you must enable all features mode. 6074 // 6075 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 6076 // an AWS account as a delegated administrator for an AWS service that already 6077 // has a delegated administrator. To complete this operation, you must first 6078 // deregister any existing delegated administrators for this service. 6079 // 6080 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 6081 // valid for a limited period of time. You must resubmit the request and 6082 // generate a new verfication code. 6083 // 6084 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 6085 // handshakes that you can send in one day. 6086 // 6087 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 6088 // in this organization, you first must migrate the organization's management 6089 // account to the marketplace that corresponds to the management account's 6090 // address. For example, accounts with India addresses must be associated 6091 // with the AISPL marketplace. All accounts in an organization must be associated 6092 // with the same marketplace. 6093 // 6094 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 6095 // in China. To create an organization, the master must have a valid business 6096 // license. For more information, contact customer support. 6097 // 6098 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 6099 // must first provide a valid contact address and phone number for the management 6100 // account. Then try the operation again. 6101 // 6102 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 6103 // management account must have an associated account in the AWS GovCloud 6104 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 6105 // in the AWS GovCloud User Guide. 6106 // 6107 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 6108 // with this management account, you first must associate a valid payment 6109 // instrument, such as a credit card, with the account. Follow the steps 6110 // at To leave an organization when all required account information has 6111 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6112 // in the AWS Organizations User Guide. 6113 // 6114 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 6115 // to register more delegated administrators than allowed for the service 6116 // principal. 6117 // 6118 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 6119 // number of policies of a certain type that can be attached to an entity 6120 // at one time. 6121 // 6122 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 6123 // on this resource. 6124 // 6125 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 6126 // with this member account, you first must associate a valid payment instrument, 6127 // such as a credit card, with the account. Follow the steps at To leave 6128 // an organization when all required account information has not yet been 6129 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6130 // in the AWS Organizations User Guide. 6131 // 6132 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 6133 // policy from an entity that would cause the entity to have fewer than the 6134 // minimum number of policies of a certain type required. 6135 // 6136 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 6137 // that requires the organization to be configured to support all features. 6138 // An organization that supports only consolidated billing features can't 6139 // perform this operation. 6140 // 6141 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 6142 // too many levels deep. 6143 // 6144 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 6145 // that you can have in an organization. 6146 // 6147 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 6148 // is larger than the maximum size. 6149 // 6150 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 6151 // policies that you can have in an organization. 6152 // 6153 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 6154 // tags that are not compliant with the tag policy requirements for this 6155 // account. 6156 // 6157 // * InvalidInputException 6158 // The requested operation failed because you provided invalid values for one 6159 // or more of the request parameters. This exception includes a reason that 6160 // contains additional information about the violated limit: 6161 // 6162 // Some of the reasons in the following list might not be applicable to this 6163 // specific API or operation. 6164 // 6165 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 6166 // the same entity. 6167 // 6168 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 6169 // can't be modified. 6170 // 6171 // * INPUT_REQUIRED: You must include a value for all required parameters. 6172 // 6173 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 6174 // for the invited account owner. 6175 // 6176 // * INVALID_ENUM: You specified an invalid value. 6177 // 6178 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 6179 // 6180 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 6181 // characters. 6182 // 6183 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 6184 // at least one invalid value. 6185 // 6186 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 6187 // from the response to a previous call of the operation. 6188 // 6189 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 6190 // organization, or email) as a party. 6191 // 6192 // * INVALID_PATTERN: You provided a value that doesn't match the required 6193 // pattern. 6194 // 6195 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 6196 // match the required pattern. 6197 // 6198 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 6199 // name can't begin with the reserved prefix AWSServiceRoleFor. 6200 // 6201 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 6202 // Name (ARN) for the organization. 6203 // 6204 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 6205 // 6206 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 6207 // tag. You can’t add, edit, or delete system tag keys because they're 6208 // reserved for AWS use. System tags don’t count against your tags per 6209 // resource limit. 6210 // 6211 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 6212 // for the operation. 6213 // 6214 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 6215 // than allowed. 6216 // 6217 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 6218 // value than allowed. 6219 // 6220 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 6221 // than allowed. 6222 // 6223 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 6224 // value than allowed. 6225 // 6226 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 6227 // between entities in the same root. 6228 // 6229 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 6230 // target entity. 6231 // 6232 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 6233 // isn't recognized. 6234 // 6235 // * PolicyTypeNotEnabledException 6236 // The specified policy type isn't currently enabled in this root. You can't 6237 // attach policies of the specified type to entities in a root until you enable 6238 // that type in the root. For more information, see Enabling All Features in 6239 // Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 6240 // in the AWS Organizations User Guide. 6241 // 6242 // * RootNotFoundException 6243 // We can't find a root with the RootId that you specified. 6244 // 6245 // * ServiceException 6246 // AWS Organizations can't complete your request because of an internal service 6247 // error. Try again later. 6248 // 6249 // * TooManyRequestsException 6250 // You have sent too many requests in too short a period of time. The quota 6251 // helps protect against denial-of-service attacks. Try again later. 6252 // 6253 // For information about quotas that affect AWS Organizations, see Quotas for 6254 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 6255 // the AWS Organizations User Guide. 6256 // 6257 // * UnsupportedAPIEndpointException 6258 // This action isn't available in the current AWS Region. 6259 // 6260 // * PolicyChangesInProgressException 6261 // Changes to the effective policy are in progress, and its contents can't be 6262 // returned. Try the operation again later. 6263 // 6264 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType 6265 func (c *Organizations) DisablePolicyType(input *DisablePolicyTypeInput) (*DisablePolicyTypeOutput, error) { 6266 req, out := c.DisablePolicyTypeRequest(input) 6267 return out, req.Send() 6268 } 6269 6270 // DisablePolicyTypeWithContext is the same as DisablePolicyType with the addition of 6271 // the ability to pass a context and additional request options. 6272 // 6273 // See DisablePolicyType for details on how to use this API operation. 6274 // 6275 // The context must be non-nil and will be used for request cancellation. If 6276 // the context is nil a panic will occur. In the future the SDK may create 6277 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 6278 // for more information on using Contexts. 6279 func (c *Organizations) DisablePolicyTypeWithContext(ctx aws.Context, input *DisablePolicyTypeInput, opts ...request.Option) (*DisablePolicyTypeOutput, error) { 6280 req, out := c.DisablePolicyTypeRequest(input) 6281 req.SetContext(ctx) 6282 req.ApplyOptions(opts...) 6283 return out, req.Send() 6284 } 6285 6286 const opEnableAWSServiceAccess = "EnableAWSServiceAccess" 6287 6288 // EnableAWSServiceAccessRequest generates a "aws/request.Request" representing the 6289 // client's request for the EnableAWSServiceAccess operation. The "output" return 6290 // value will be populated with the request's response once the request completes 6291 // successfully. 6292 // 6293 // Use "Send" method on the returned Request to send the API call to the service. 6294 // the "output" return value is not valid until after Send returns without error. 6295 // 6296 // See EnableAWSServiceAccess for more information on using the EnableAWSServiceAccess 6297 // API call, and error handling. 6298 // 6299 // This method is useful when you want to inject custom logic or configuration 6300 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 6301 // 6302 // 6303 // // Example sending a request using the EnableAWSServiceAccessRequest method. 6304 // req, resp := client.EnableAWSServiceAccessRequest(params) 6305 // 6306 // err := req.Send() 6307 // if err == nil { // resp is now filled 6308 // fmt.Println(resp) 6309 // } 6310 // 6311 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAWSServiceAccess 6312 func (c *Organizations) EnableAWSServiceAccessRequest(input *EnableAWSServiceAccessInput) (req *request.Request, output *EnableAWSServiceAccessOutput) { 6313 op := &request.Operation{ 6314 Name: opEnableAWSServiceAccess, 6315 HTTPMethod: "POST", 6316 HTTPPath: "/", 6317 } 6318 6319 if input == nil { 6320 input = &EnableAWSServiceAccessInput{} 6321 } 6322 6323 output = &EnableAWSServiceAccessOutput{} 6324 req = c.newRequest(op, input, output) 6325 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 6326 return 6327 } 6328 6329 // EnableAWSServiceAccess API operation for AWS Organizations. 6330 // 6331 // Enables the integration of an AWS service (the service that is specified 6332 // by ServicePrincipal) with AWS Organizations. When you enable integration, 6333 // you allow the specified service to create a service-linked role (http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) 6334 // in all the accounts in your organization. This allows the service to perform 6335 // operations on your behalf in your organization and its accounts. 6336 // 6337 // We recommend that you enable integration between AWS Organizations and the 6338 // specified AWS service by using the console or commands that are provided 6339 // by the specified service. Doing so ensures that the service is aware that 6340 // it can create the resources that are required for the integration. How the 6341 // service creates those resources in the organization's accounts depends on 6342 // that service. For more information, see the documentation for the other AWS 6343 // service. 6344 // 6345 // For more information about enabling services to integrate with AWS Organizations, 6346 // see Integrating AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html) 6347 // in the AWS Organizations User Guide. 6348 // 6349 // This operation can be called only from the organization's management account 6350 // and only if the organization has enabled all features (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html). 6351 // 6352 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 6353 // with awserr.Error's Code and Message methods to get detailed information about 6354 // the error. 6355 // 6356 // See the AWS API reference guide for AWS Organizations's 6357 // API operation EnableAWSServiceAccess for usage and error information. 6358 // 6359 // Returned Error Types: 6360 // * AccessDeniedException 6361 // You don't have permissions to perform the requested operation. The user or 6362 // role that is making the request must have at least one IAM permissions policy 6363 // attached that grants the required permissions. For more information, see 6364 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 6365 // in the IAM User Guide. 6366 // 6367 // * AWSOrganizationsNotInUseException 6368 // Your account isn't a member of an organization. To make this request, you 6369 // must use the credentials of an account that belongs to an organization. 6370 // 6371 // * ConcurrentModificationException 6372 // The target of the operation is currently being modified by a different request. 6373 // Try again later. 6374 // 6375 // * ConstraintViolationException 6376 // Performing this operation violates a minimum or maximum value limit. For 6377 // example, attempting to remove the last service control policy (SCP) from 6378 // an OU or root, inviting or creating too many accounts to the organization, 6379 // or attaching too many policies to an account, OU, or root. This exception 6380 // includes a reason that contains additional information about the violated 6381 // limit: 6382 // 6383 // Some of the reasons in the following list might not be applicable to this 6384 // specific API or operation. 6385 // 6386 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 6387 // account from the organization. You can't remove the management account. 6388 // Instead, after you remove all member accounts, delete the organization 6389 // itself. 6390 // 6391 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 6392 // from the organization that doesn't yet have enough information to exist 6393 // as a standalone account. This account requires you to first agree to the 6394 // AWS Customer Agreement. Follow the steps at Removing a member account 6395 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 6396 // the AWS Organizations User Guide. 6397 // 6398 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 6399 // an account from the organization that doesn't yet have enough information 6400 // to exist as a standalone account. This account requires you to first complete 6401 // phone verification. Follow the steps at Removing a member account from 6402 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 6403 // in the AWS Organizations User Guide. 6404 // 6405 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 6406 // of accounts that you can create in one day. 6407 // 6408 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 6409 // the number of accounts in an organization. If you need more accounts, 6410 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 6411 // request an increase in your limit. Or the number of invitations that you 6412 // tried to send would cause you to exceed the limit of accounts in your 6413 // organization. Send fewer invitations or contact AWS Support to request 6414 // an increase in the number of accounts. Deleted and closed accounts still 6415 // count toward your limit. If you get this exception when running a command 6416 // immediately after creating the organization, wait one hour and try again. 6417 // After an hour, if the command continues to fail with this error, contact 6418 // AWS Support (https://console.aws.amazon.com/support/home#/). 6419 // 6420 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 6421 // register the management account of the organization as a delegated administrator 6422 // for an AWS service integrated with Organizations. You can designate only 6423 // a member account as a delegated administrator. 6424 // 6425 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 6426 // an account that is registered as a delegated administrator for a service 6427 // integrated with your organization. To complete this operation, you must 6428 // first deregister this account as a delegated administrator. 6429 // 6430 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 6431 // organization in the specified region, you must enable all features mode. 6432 // 6433 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 6434 // an AWS account as a delegated administrator for an AWS service that already 6435 // has a delegated administrator. To complete this operation, you must first 6436 // deregister any existing delegated administrators for this service. 6437 // 6438 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 6439 // valid for a limited period of time. You must resubmit the request and 6440 // generate a new verfication code. 6441 // 6442 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 6443 // handshakes that you can send in one day. 6444 // 6445 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 6446 // in this organization, you first must migrate the organization's management 6447 // account to the marketplace that corresponds to the management account's 6448 // address. For example, accounts with India addresses must be associated 6449 // with the AISPL marketplace. All accounts in an organization must be associated 6450 // with the same marketplace. 6451 // 6452 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 6453 // in China. To create an organization, the master must have a valid business 6454 // license. For more information, contact customer support. 6455 // 6456 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 6457 // must first provide a valid contact address and phone number for the management 6458 // account. Then try the operation again. 6459 // 6460 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 6461 // management account must have an associated account in the AWS GovCloud 6462 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 6463 // in the AWS GovCloud User Guide. 6464 // 6465 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 6466 // with this management account, you first must associate a valid payment 6467 // instrument, such as a credit card, with the account. Follow the steps 6468 // at To leave an organization when all required account information has 6469 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6470 // in the AWS Organizations User Guide. 6471 // 6472 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 6473 // to register more delegated administrators than allowed for the service 6474 // principal. 6475 // 6476 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 6477 // number of policies of a certain type that can be attached to an entity 6478 // at one time. 6479 // 6480 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 6481 // on this resource. 6482 // 6483 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 6484 // with this member account, you first must associate a valid payment instrument, 6485 // such as a credit card, with the account. Follow the steps at To leave 6486 // an organization when all required account information has not yet been 6487 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 6488 // in the AWS Organizations User Guide. 6489 // 6490 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 6491 // policy from an entity that would cause the entity to have fewer than the 6492 // minimum number of policies of a certain type required. 6493 // 6494 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 6495 // that requires the organization to be configured to support all features. 6496 // An organization that supports only consolidated billing features can't 6497 // perform this operation. 6498 // 6499 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 6500 // too many levels deep. 6501 // 6502 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 6503 // that you can have in an organization. 6504 // 6505 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 6506 // is larger than the maximum size. 6507 // 6508 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 6509 // policies that you can have in an organization. 6510 // 6511 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 6512 // tags that are not compliant with the tag policy requirements for this 6513 // account. 6514 // 6515 // * InvalidInputException 6516 // The requested operation failed because you provided invalid values for one 6517 // or more of the request parameters. This exception includes a reason that 6518 // contains additional information about the violated limit: 6519 // 6520 // Some of the reasons in the following list might not be applicable to this 6521 // specific API or operation. 6522 // 6523 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 6524 // the same entity. 6525 // 6526 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 6527 // can't be modified. 6528 // 6529 // * INPUT_REQUIRED: You must include a value for all required parameters. 6530 // 6531 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 6532 // for the invited account owner. 6533 // 6534 // * INVALID_ENUM: You specified an invalid value. 6535 // 6536 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 6537 // 6538 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 6539 // characters. 6540 // 6541 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 6542 // at least one invalid value. 6543 // 6544 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 6545 // from the response to a previous call of the operation. 6546 // 6547 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 6548 // organization, or email) as a party. 6549 // 6550 // * INVALID_PATTERN: You provided a value that doesn't match the required 6551 // pattern. 6552 // 6553 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 6554 // match the required pattern. 6555 // 6556 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 6557 // name can't begin with the reserved prefix AWSServiceRoleFor. 6558 // 6559 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 6560 // Name (ARN) for the organization. 6561 // 6562 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 6563 // 6564 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 6565 // tag. You can’t add, edit, or delete system tag keys because they're 6566 // reserved for AWS use. System tags don’t count against your tags per 6567 // resource limit. 6568 // 6569 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 6570 // for the operation. 6571 // 6572 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 6573 // than allowed. 6574 // 6575 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 6576 // value than allowed. 6577 // 6578 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 6579 // than allowed. 6580 // 6581 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 6582 // value than allowed. 6583 // 6584 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 6585 // between entities in the same root. 6586 // 6587 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 6588 // target entity. 6589 // 6590 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 6591 // isn't recognized. 6592 // 6593 // * ServiceException 6594 // AWS Organizations can't complete your request because of an internal service 6595 // error. Try again later. 6596 // 6597 // * TooManyRequestsException 6598 // You have sent too many requests in too short a period of time. The quota 6599 // helps protect against denial-of-service attacks. Try again later. 6600 // 6601 // For information about quotas that affect AWS Organizations, see Quotas for 6602 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 6603 // the AWS Organizations User Guide. 6604 // 6605 // * UnsupportedAPIEndpointException 6606 // This action isn't available in the current AWS Region. 6607 // 6608 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAWSServiceAccess 6609 func (c *Organizations) EnableAWSServiceAccess(input *EnableAWSServiceAccessInput) (*EnableAWSServiceAccessOutput, error) { 6610 req, out := c.EnableAWSServiceAccessRequest(input) 6611 return out, req.Send() 6612 } 6613 6614 // EnableAWSServiceAccessWithContext is the same as EnableAWSServiceAccess with the addition of 6615 // the ability to pass a context and additional request options. 6616 // 6617 // See EnableAWSServiceAccess for details on how to use this API operation. 6618 // 6619 // The context must be non-nil and will be used for request cancellation. If 6620 // the context is nil a panic will occur. In the future the SDK may create 6621 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 6622 // for more information on using Contexts. 6623 func (c *Organizations) EnableAWSServiceAccessWithContext(ctx aws.Context, input *EnableAWSServiceAccessInput, opts ...request.Option) (*EnableAWSServiceAccessOutput, error) { 6624 req, out := c.EnableAWSServiceAccessRequest(input) 6625 req.SetContext(ctx) 6626 req.ApplyOptions(opts...) 6627 return out, req.Send() 6628 } 6629 6630 const opEnableAllFeatures = "EnableAllFeatures" 6631 6632 // EnableAllFeaturesRequest generates a "aws/request.Request" representing the 6633 // client's request for the EnableAllFeatures operation. The "output" return 6634 // value will be populated with the request's response once the request completes 6635 // successfully. 6636 // 6637 // Use "Send" method on the returned Request to send the API call to the service. 6638 // the "output" return value is not valid until after Send returns without error. 6639 // 6640 // See EnableAllFeatures for more information on using the EnableAllFeatures 6641 // API call, and error handling. 6642 // 6643 // This method is useful when you want to inject custom logic or configuration 6644 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 6645 // 6646 // 6647 // // Example sending a request using the EnableAllFeaturesRequest method. 6648 // req, resp := client.EnableAllFeaturesRequest(params) 6649 // 6650 // err := req.Send() 6651 // if err == nil { // resp is now filled 6652 // fmt.Println(resp) 6653 // } 6654 // 6655 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures 6656 func (c *Organizations) EnableAllFeaturesRequest(input *EnableAllFeaturesInput) (req *request.Request, output *EnableAllFeaturesOutput) { 6657 op := &request.Operation{ 6658 Name: opEnableAllFeatures, 6659 HTTPMethod: "POST", 6660 HTTPPath: "/", 6661 } 6662 6663 if input == nil { 6664 input = &EnableAllFeaturesInput{} 6665 } 6666 6667 output = &EnableAllFeaturesOutput{} 6668 req = c.newRequest(op, input, output) 6669 return 6670 } 6671 6672 // EnableAllFeatures API operation for AWS Organizations. 6673 // 6674 // Enables all features in an organization. This enables the use of organization 6675 // policies that can restrict the services and actions that can be called in 6676 // each account. Until you enable all features, you have access only to consolidated 6677 // billing, and you can't use any of the advanced account administration features 6678 // that AWS Organizations supports. For more information, see Enabling All Features 6679 // in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 6680 // in the AWS Organizations User Guide. 6681 // 6682 // This operation is required only for organizations that were created explicitly 6683 // with only the consolidated billing features enabled. Calling this operation 6684 // sends a handshake to every invited account in the organization. The feature 6685 // set change can be finalized and the additional features enabled only after 6686 // all administrators in the invited accounts approve the change by accepting 6687 // the handshake. 6688 // 6689 // After you enable all features, you can separately enable or disable individual 6690 // policy types in a root using EnablePolicyType and DisablePolicyType. To see 6691 // the status of policy types in a root, use ListRoots. 6692 // 6693 // After all invited member accounts accept the handshake, you finalize the 6694 // feature set change by accepting the handshake that contains "Action": "ENABLE_ALL_FEATURES". 6695 // This completes the change. 6696 // 6697 // After you enable all features in your organization, the management account 6698 // in the organization can apply policies on all member accounts. These policies 6699 // can restrict what users and even administrators in those accounts can do. 6700 // The management account can apply policies that prevent accounts from leaving 6701 // the organization. Ensure that your account administrators are aware of this. 6702 // 6703 // This operation can be called only from the organization's management account. 6704 // 6705 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 6706 // with awserr.Error's Code and Message methods to get detailed information about 6707 // the error. 6708 // 6709 // See the AWS API reference guide for AWS Organizations's 6710 // API operation EnableAllFeatures for usage and error information. 6711 // 6712 // Returned Error Types: 6713 // * AccessDeniedException 6714 // You don't have permissions to perform the requested operation. The user or 6715 // role that is making the request must have at least one IAM permissions policy 6716 // attached that grants the required permissions. For more information, see 6717 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 6718 // in the IAM User Guide. 6719 // 6720 // * AWSOrganizationsNotInUseException 6721 // Your account isn't a member of an organization. To make this request, you 6722 // must use the credentials of an account that belongs to an organization. 6723 // 6724 // * ConcurrentModificationException 6725 // The target of the operation is currently being modified by a different request. 6726 // Try again later. 6727 // 6728 // * HandshakeConstraintViolationException 6729 // The requested operation would violate the constraint identified in the reason 6730 // code. 6731 // 6732 // Some of the reasons in the following list might not be applicable to this 6733 // specific API or operation: 6734 // 6735 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 6736 // the number of accounts in an organization. Note that deleted and closed 6737 // accounts still count toward your limit. If you get this exception immediately 6738 // after creating the organization, wait one hour and try again. If after 6739 // an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/). 6740 // 6741 // * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because 6742 // the invited account is already a member of an organization. 6743 // 6744 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 6745 // handshakes that you can send in one day. 6746 // 6747 // * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations 6748 // to join an organization while it's in the process of enabling all features. 6749 // You can resume inviting accounts after you finalize the process when all 6750 // accounts have agreed to the change. 6751 // 6752 // * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid 6753 // because the organization has already enabled all features. 6754 // 6755 // * ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake 6756 // request is invalid because the organization has already started the process 6757 // to enable all features. 6758 // 6759 // * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because 6760 // the account is from a different marketplace than the accounts in the organization. 6761 // For example, accounts with India addresses must be associated with the 6762 // AISPL marketplace. All accounts in an organization must be from the same 6763 // marketplace. 6764 // 6765 // * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to 6766 // change the membership of an account too quickly after its previous change. 6767 // 6768 // * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an 6769 // account that doesn't have a payment instrument, such as a credit card, 6770 // associated with it. 6771 // 6772 // * InvalidInputException 6773 // The requested operation failed because you provided invalid values for one 6774 // or more of the request parameters. This exception includes a reason that 6775 // contains additional information about the violated limit: 6776 // 6777 // Some of the reasons in the following list might not be applicable to this 6778 // specific API or operation. 6779 // 6780 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 6781 // the same entity. 6782 // 6783 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 6784 // can't be modified. 6785 // 6786 // * INPUT_REQUIRED: You must include a value for all required parameters. 6787 // 6788 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 6789 // for the invited account owner. 6790 // 6791 // * INVALID_ENUM: You specified an invalid value. 6792 // 6793 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 6794 // 6795 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 6796 // characters. 6797 // 6798 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 6799 // at least one invalid value. 6800 // 6801 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 6802 // from the response to a previous call of the operation. 6803 // 6804 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 6805 // organization, or email) as a party. 6806 // 6807 // * INVALID_PATTERN: You provided a value that doesn't match the required 6808 // pattern. 6809 // 6810 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 6811 // match the required pattern. 6812 // 6813 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 6814 // name can't begin with the reserved prefix AWSServiceRoleFor. 6815 // 6816 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 6817 // Name (ARN) for the organization. 6818 // 6819 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 6820 // 6821 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 6822 // tag. You can’t add, edit, or delete system tag keys because they're 6823 // reserved for AWS use. System tags don’t count against your tags per 6824 // resource limit. 6825 // 6826 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 6827 // for the operation. 6828 // 6829 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 6830 // than allowed. 6831 // 6832 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 6833 // value than allowed. 6834 // 6835 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 6836 // than allowed. 6837 // 6838 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 6839 // value than allowed. 6840 // 6841 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 6842 // between entities in the same root. 6843 // 6844 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 6845 // target entity. 6846 // 6847 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 6848 // isn't recognized. 6849 // 6850 // * ServiceException 6851 // AWS Organizations can't complete your request because of an internal service 6852 // error. Try again later. 6853 // 6854 // * TooManyRequestsException 6855 // You have sent too many requests in too short a period of time. The quota 6856 // helps protect against denial-of-service attacks. Try again later. 6857 // 6858 // For information about quotas that affect AWS Organizations, see Quotas for 6859 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 6860 // the AWS Organizations User Guide. 6861 // 6862 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures 6863 func (c *Organizations) EnableAllFeatures(input *EnableAllFeaturesInput) (*EnableAllFeaturesOutput, error) { 6864 req, out := c.EnableAllFeaturesRequest(input) 6865 return out, req.Send() 6866 } 6867 6868 // EnableAllFeaturesWithContext is the same as EnableAllFeatures with the addition of 6869 // the ability to pass a context and additional request options. 6870 // 6871 // See EnableAllFeatures for details on how to use this API operation. 6872 // 6873 // The context must be non-nil and will be used for request cancellation. If 6874 // the context is nil a panic will occur. In the future the SDK may create 6875 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 6876 // for more information on using Contexts. 6877 func (c *Organizations) EnableAllFeaturesWithContext(ctx aws.Context, input *EnableAllFeaturesInput, opts ...request.Option) (*EnableAllFeaturesOutput, error) { 6878 req, out := c.EnableAllFeaturesRequest(input) 6879 req.SetContext(ctx) 6880 req.ApplyOptions(opts...) 6881 return out, req.Send() 6882 } 6883 6884 const opEnablePolicyType = "EnablePolicyType" 6885 6886 // EnablePolicyTypeRequest generates a "aws/request.Request" representing the 6887 // client's request for the EnablePolicyType operation. The "output" return 6888 // value will be populated with the request's response once the request completes 6889 // successfully. 6890 // 6891 // Use "Send" method on the returned Request to send the API call to the service. 6892 // the "output" return value is not valid until after Send returns without error. 6893 // 6894 // See EnablePolicyType for more information on using the EnablePolicyType 6895 // API call, and error handling. 6896 // 6897 // This method is useful when you want to inject custom logic or configuration 6898 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 6899 // 6900 // 6901 // // Example sending a request using the EnablePolicyTypeRequest method. 6902 // req, resp := client.EnablePolicyTypeRequest(params) 6903 // 6904 // err := req.Send() 6905 // if err == nil { // resp is now filled 6906 // fmt.Println(resp) 6907 // } 6908 // 6909 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType 6910 func (c *Organizations) EnablePolicyTypeRequest(input *EnablePolicyTypeInput) (req *request.Request, output *EnablePolicyTypeOutput) { 6911 op := &request.Operation{ 6912 Name: opEnablePolicyType, 6913 HTTPMethod: "POST", 6914 HTTPPath: "/", 6915 } 6916 6917 if input == nil { 6918 input = &EnablePolicyTypeInput{} 6919 } 6920 6921 output = &EnablePolicyTypeOutput{} 6922 req = c.newRequest(op, input, output) 6923 return 6924 } 6925 6926 // EnablePolicyType API operation for AWS Organizations. 6927 // 6928 // Enables a policy type in a root. After you enable a policy type in a root, 6929 // you can attach policies of that type to the root, any organizational unit 6930 // (OU), or account in that root. You can undo this by using the DisablePolicyType 6931 // operation. 6932 // 6933 // This is an asynchronous request that AWS performs in the background. AWS 6934 // recommends that you first use ListRoots to see the status of policy types 6935 // for a specified root, and then use this operation. 6936 // 6937 // This operation can be called only from the organization's management account. 6938 // 6939 // You can enable a policy type in a root only if that policy type is available 6940 // in the organization. To view the status of available policy types in the 6941 // organization, use DescribeOrganization. 6942 // 6943 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 6944 // with awserr.Error's Code and Message methods to get detailed information about 6945 // the error. 6946 // 6947 // See the AWS API reference guide for AWS Organizations's 6948 // API operation EnablePolicyType for usage and error information. 6949 // 6950 // Returned Error Types: 6951 // * AccessDeniedException 6952 // You don't have permissions to perform the requested operation. The user or 6953 // role that is making the request must have at least one IAM permissions policy 6954 // attached that grants the required permissions. For more information, see 6955 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 6956 // in the IAM User Guide. 6957 // 6958 // * AWSOrganizationsNotInUseException 6959 // Your account isn't a member of an organization. To make this request, you 6960 // must use the credentials of an account that belongs to an organization. 6961 // 6962 // * ConcurrentModificationException 6963 // The target of the operation is currently being modified by a different request. 6964 // Try again later. 6965 // 6966 // * ConstraintViolationException 6967 // Performing this operation violates a minimum or maximum value limit. For 6968 // example, attempting to remove the last service control policy (SCP) from 6969 // an OU or root, inviting or creating too many accounts to the organization, 6970 // or attaching too many policies to an account, OU, or root. This exception 6971 // includes a reason that contains additional information about the violated 6972 // limit: 6973 // 6974 // Some of the reasons in the following list might not be applicable to this 6975 // specific API or operation. 6976 // 6977 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 6978 // account from the organization. You can't remove the management account. 6979 // Instead, after you remove all member accounts, delete the organization 6980 // itself. 6981 // 6982 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 6983 // from the organization that doesn't yet have enough information to exist 6984 // as a standalone account. This account requires you to first agree to the 6985 // AWS Customer Agreement. Follow the steps at Removing a member account 6986 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 6987 // the AWS Organizations User Guide. 6988 // 6989 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 6990 // an account from the organization that doesn't yet have enough information 6991 // to exist as a standalone account. This account requires you to first complete 6992 // phone verification. Follow the steps at Removing a member account from 6993 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 6994 // in the AWS Organizations User Guide. 6995 // 6996 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 6997 // of accounts that you can create in one day. 6998 // 6999 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 7000 // the number of accounts in an organization. If you need more accounts, 7001 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 7002 // request an increase in your limit. Or the number of invitations that you 7003 // tried to send would cause you to exceed the limit of accounts in your 7004 // organization. Send fewer invitations or contact AWS Support to request 7005 // an increase in the number of accounts. Deleted and closed accounts still 7006 // count toward your limit. If you get this exception when running a command 7007 // immediately after creating the organization, wait one hour and try again. 7008 // After an hour, if the command continues to fail with this error, contact 7009 // AWS Support (https://console.aws.amazon.com/support/home#/). 7010 // 7011 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 7012 // register the management account of the organization as a delegated administrator 7013 // for an AWS service integrated with Organizations. You can designate only 7014 // a member account as a delegated administrator. 7015 // 7016 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 7017 // an account that is registered as a delegated administrator for a service 7018 // integrated with your organization. To complete this operation, you must 7019 // first deregister this account as a delegated administrator. 7020 // 7021 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 7022 // organization in the specified region, you must enable all features mode. 7023 // 7024 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 7025 // an AWS account as a delegated administrator for an AWS service that already 7026 // has a delegated administrator. To complete this operation, you must first 7027 // deregister any existing delegated administrators for this service. 7028 // 7029 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 7030 // valid for a limited period of time. You must resubmit the request and 7031 // generate a new verfication code. 7032 // 7033 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 7034 // handshakes that you can send in one day. 7035 // 7036 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 7037 // in this organization, you first must migrate the organization's management 7038 // account to the marketplace that corresponds to the management account's 7039 // address. For example, accounts with India addresses must be associated 7040 // with the AISPL marketplace. All accounts in an organization must be associated 7041 // with the same marketplace. 7042 // 7043 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 7044 // in China. To create an organization, the master must have a valid business 7045 // license. For more information, contact customer support. 7046 // 7047 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 7048 // must first provide a valid contact address and phone number for the management 7049 // account. Then try the operation again. 7050 // 7051 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 7052 // management account must have an associated account in the AWS GovCloud 7053 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 7054 // in the AWS GovCloud User Guide. 7055 // 7056 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 7057 // with this management account, you first must associate a valid payment 7058 // instrument, such as a credit card, with the account. Follow the steps 7059 // at To leave an organization when all required account information has 7060 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 7061 // in the AWS Organizations User Guide. 7062 // 7063 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 7064 // to register more delegated administrators than allowed for the service 7065 // principal. 7066 // 7067 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 7068 // number of policies of a certain type that can be attached to an entity 7069 // at one time. 7070 // 7071 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 7072 // on this resource. 7073 // 7074 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 7075 // with this member account, you first must associate a valid payment instrument, 7076 // such as a credit card, with the account. Follow the steps at To leave 7077 // an organization when all required account information has not yet been 7078 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 7079 // in the AWS Organizations User Guide. 7080 // 7081 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 7082 // policy from an entity that would cause the entity to have fewer than the 7083 // minimum number of policies of a certain type required. 7084 // 7085 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 7086 // that requires the organization to be configured to support all features. 7087 // An organization that supports only consolidated billing features can't 7088 // perform this operation. 7089 // 7090 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 7091 // too many levels deep. 7092 // 7093 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 7094 // that you can have in an organization. 7095 // 7096 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 7097 // is larger than the maximum size. 7098 // 7099 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 7100 // policies that you can have in an organization. 7101 // 7102 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 7103 // tags that are not compliant with the tag policy requirements for this 7104 // account. 7105 // 7106 // * InvalidInputException 7107 // The requested operation failed because you provided invalid values for one 7108 // or more of the request parameters. This exception includes a reason that 7109 // contains additional information about the violated limit: 7110 // 7111 // Some of the reasons in the following list might not be applicable to this 7112 // specific API or operation. 7113 // 7114 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 7115 // the same entity. 7116 // 7117 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 7118 // can't be modified. 7119 // 7120 // * INPUT_REQUIRED: You must include a value for all required parameters. 7121 // 7122 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 7123 // for the invited account owner. 7124 // 7125 // * INVALID_ENUM: You specified an invalid value. 7126 // 7127 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 7128 // 7129 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 7130 // characters. 7131 // 7132 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 7133 // at least one invalid value. 7134 // 7135 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 7136 // from the response to a previous call of the operation. 7137 // 7138 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 7139 // organization, or email) as a party. 7140 // 7141 // * INVALID_PATTERN: You provided a value that doesn't match the required 7142 // pattern. 7143 // 7144 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 7145 // match the required pattern. 7146 // 7147 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 7148 // name can't begin with the reserved prefix AWSServiceRoleFor. 7149 // 7150 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 7151 // Name (ARN) for the organization. 7152 // 7153 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 7154 // 7155 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 7156 // tag. You can’t add, edit, or delete system tag keys because they're 7157 // reserved for AWS use. System tags don’t count against your tags per 7158 // resource limit. 7159 // 7160 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 7161 // for the operation. 7162 // 7163 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 7164 // than allowed. 7165 // 7166 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 7167 // value than allowed. 7168 // 7169 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 7170 // than allowed. 7171 // 7172 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 7173 // value than allowed. 7174 // 7175 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 7176 // between entities in the same root. 7177 // 7178 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 7179 // target entity. 7180 // 7181 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 7182 // isn't recognized. 7183 // 7184 // * PolicyTypeAlreadyEnabledException 7185 // The specified policy type is already enabled in the specified root. 7186 // 7187 // * RootNotFoundException 7188 // We can't find a root with the RootId that you specified. 7189 // 7190 // * ServiceException 7191 // AWS Organizations can't complete your request because of an internal service 7192 // error. Try again later. 7193 // 7194 // * TooManyRequestsException 7195 // You have sent too many requests in too short a period of time. The quota 7196 // helps protect against denial-of-service attacks. Try again later. 7197 // 7198 // For information about quotas that affect AWS Organizations, see Quotas for 7199 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 7200 // the AWS Organizations User Guide. 7201 // 7202 // * PolicyTypeNotAvailableForOrganizationException 7203 // You can't use the specified policy type with the feature set currently enabled 7204 // for this organization. For example, you can enable SCPs only after you enable 7205 // all features in the organization. For more information, see Managing AWS 7206 // Organizations Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)in 7207 // the AWS Organizations User Guide. 7208 // 7209 // * UnsupportedAPIEndpointException 7210 // This action isn't available in the current AWS Region. 7211 // 7212 // * PolicyChangesInProgressException 7213 // Changes to the effective policy are in progress, and its contents can't be 7214 // returned. Try the operation again later. 7215 // 7216 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType 7217 func (c *Organizations) EnablePolicyType(input *EnablePolicyTypeInput) (*EnablePolicyTypeOutput, error) { 7218 req, out := c.EnablePolicyTypeRequest(input) 7219 return out, req.Send() 7220 } 7221 7222 // EnablePolicyTypeWithContext is the same as EnablePolicyType with the addition of 7223 // the ability to pass a context and additional request options. 7224 // 7225 // See EnablePolicyType for details on how to use this API operation. 7226 // 7227 // The context must be non-nil and will be used for request cancellation. If 7228 // the context is nil a panic will occur. In the future the SDK may create 7229 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7230 // for more information on using Contexts. 7231 func (c *Organizations) EnablePolicyTypeWithContext(ctx aws.Context, input *EnablePolicyTypeInput, opts ...request.Option) (*EnablePolicyTypeOutput, error) { 7232 req, out := c.EnablePolicyTypeRequest(input) 7233 req.SetContext(ctx) 7234 req.ApplyOptions(opts...) 7235 return out, req.Send() 7236 } 7237 7238 const opInviteAccountToOrganization = "InviteAccountToOrganization" 7239 7240 // InviteAccountToOrganizationRequest generates a "aws/request.Request" representing the 7241 // client's request for the InviteAccountToOrganization operation. The "output" return 7242 // value will be populated with the request's response once the request completes 7243 // successfully. 7244 // 7245 // Use "Send" method on the returned Request to send the API call to the service. 7246 // the "output" return value is not valid until after Send returns without error. 7247 // 7248 // See InviteAccountToOrganization for more information on using the InviteAccountToOrganization 7249 // API call, and error handling. 7250 // 7251 // This method is useful when you want to inject custom logic or configuration 7252 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 7253 // 7254 // 7255 // // Example sending a request using the InviteAccountToOrganizationRequest method. 7256 // req, resp := client.InviteAccountToOrganizationRequest(params) 7257 // 7258 // err := req.Send() 7259 // if err == nil { // resp is now filled 7260 // fmt.Println(resp) 7261 // } 7262 // 7263 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization 7264 func (c *Organizations) InviteAccountToOrganizationRequest(input *InviteAccountToOrganizationInput) (req *request.Request, output *InviteAccountToOrganizationOutput) { 7265 op := &request.Operation{ 7266 Name: opInviteAccountToOrganization, 7267 HTTPMethod: "POST", 7268 HTTPPath: "/", 7269 } 7270 7271 if input == nil { 7272 input = &InviteAccountToOrganizationInput{} 7273 } 7274 7275 output = &InviteAccountToOrganizationOutput{} 7276 req = c.newRequest(op, input, output) 7277 return 7278 } 7279 7280 // InviteAccountToOrganization API operation for AWS Organizations. 7281 // 7282 // Sends an invitation to another account to join your organization as a member 7283 // account. AWS Organizations sends email on your behalf to the email address 7284 // that is associated with the other account's owner. The invitation is implemented 7285 // as a Handshake whose details are in the response. 7286 // 7287 // * You can invite AWS accounts only from the same seller as the management 7288 // account. For example, if your organization's management account was created 7289 // by Amazon Internet Services Pvt. Ltd (AISPL), an AWS seller in India, 7290 // you can invite only other AISPL accounts to your organization. You can't 7291 // combine accounts from AISPL and AWS or from any other AWS seller. For 7292 // more information, see Consolidated Billing in India (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/useconsolidatedbilliing-India.html). 7293 // 7294 // * If you receive an exception that indicates that you exceeded your account 7295 // limits for the organization or that the operation failed because your 7296 // organization is still initializing, wait one hour and then try again. 7297 // If the error persists after an hour, contact AWS Support (https://console.aws.amazon.com/support/home#/). 7298 // 7299 // If the request includes tags, then the requester must have the organizations:TagResource 7300 // permission. 7301 // 7302 // This operation can be called only from the organization's management account. 7303 // 7304 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 7305 // with awserr.Error's Code and Message methods to get detailed information about 7306 // the error. 7307 // 7308 // See the AWS API reference guide for AWS Organizations's 7309 // API operation InviteAccountToOrganization for usage and error information. 7310 // 7311 // Returned Error Types: 7312 // * AccessDeniedException 7313 // You don't have permissions to perform the requested operation. The user or 7314 // role that is making the request must have at least one IAM permissions policy 7315 // attached that grants the required permissions. For more information, see 7316 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 7317 // in the IAM User Guide. 7318 // 7319 // * AWSOrganizationsNotInUseException 7320 // Your account isn't a member of an organization. To make this request, you 7321 // must use the credentials of an account that belongs to an organization. 7322 // 7323 // * AccountOwnerNotVerifiedException 7324 // You can't invite an existing account to your organization until you verify 7325 // that you own the email address associated with the management account. For 7326 // more information, see Email Address Verification (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_create.html#about-email-verification) 7327 // in the AWS Organizations User Guide. 7328 // 7329 // * ConcurrentModificationException 7330 // The target of the operation is currently being modified by a different request. 7331 // Try again later. 7332 // 7333 // * HandshakeConstraintViolationException 7334 // The requested operation would violate the constraint identified in the reason 7335 // code. 7336 // 7337 // Some of the reasons in the following list might not be applicable to this 7338 // specific API or operation: 7339 // 7340 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 7341 // the number of accounts in an organization. Note that deleted and closed 7342 // accounts still count toward your limit. If you get this exception immediately 7343 // after creating the organization, wait one hour and try again. If after 7344 // an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/). 7345 // 7346 // * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because 7347 // the invited account is already a member of an organization. 7348 // 7349 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 7350 // handshakes that you can send in one day. 7351 // 7352 // * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations 7353 // to join an organization while it's in the process of enabling all features. 7354 // You can resume inviting accounts after you finalize the process when all 7355 // accounts have agreed to the change. 7356 // 7357 // * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid 7358 // because the organization has already enabled all features. 7359 // 7360 // * ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake 7361 // request is invalid because the organization has already started the process 7362 // to enable all features. 7363 // 7364 // * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because 7365 // the account is from a different marketplace than the accounts in the organization. 7366 // For example, accounts with India addresses must be associated with the 7367 // AISPL marketplace. All accounts in an organization must be from the same 7368 // marketplace. 7369 // 7370 // * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to 7371 // change the membership of an account too quickly after its previous change. 7372 // 7373 // * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an 7374 // account that doesn't have a payment instrument, such as a credit card, 7375 // associated with it. 7376 // 7377 // * DuplicateHandshakeException 7378 // A handshake with the same action and target already exists. For example, 7379 // if you invited an account to join your organization, the invited account 7380 // might already have a pending invitation from this organization. If you intend 7381 // to resend an invitation to an account, ensure that existing handshakes that 7382 // might be considered duplicates are canceled or declined. 7383 // 7384 // * ConstraintViolationException 7385 // Performing this operation violates a minimum or maximum value limit. For 7386 // example, attempting to remove the last service control policy (SCP) from 7387 // an OU or root, inviting or creating too many accounts to the organization, 7388 // or attaching too many policies to an account, OU, or root. This exception 7389 // includes a reason that contains additional information about the violated 7390 // limit: 7391 // 7392 // Some of the reasons in the following list might not be applicable to this 7393 // specific API or operation. 7394 // 7395 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 7396 // account from the organization. You can't remove the management account. 7397 // Instead, after you remove all member accounts, delete the organization 7398 // itself. 7399 // 7400 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 7401 // from the organization that doesn't yet have enough information to exist 7402 // as a standalone account. This account requires you to first agree to the 7403 // AWS Customer Agreement. Follow the steps at Removing a member account 7404 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 7405 // the AWS Organizations User Guide. 7406 // 7407 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 7408 // an account from the organization that doesn't yet have enough information 7409 // to exist as a standalone account. This account requires you to first complete 7410 // phone verification. Follow the steps at Removing a member account from 7411 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 7412 // in the AWS Organizations User Guide. 7413 // 7414 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 7415 // of accounts that you can create in one day. 7416 // 7417 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 7418 // the number of accounts in an organization. If you need more accounts, 7419 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 7420 // request an increase in your limit. Or the number of invitations that you 7421 // tried to send would cause you to exceed the limit of accounts in your 7422 // organization. Send fewer invitations or contact AWS Support to request 7423 // an increase in the number of accounts. Deleted and closed accounts still 7424 // count toward your limit. If you get this exception when running a command 7425 // immediately after creating the organization, wait one hour and try again. 7426 // After an hour, if the command continues to fail with this error, contact 7427 // AWS Support (https://console.aws.amazon.com/support/home#/). 7428 // 7429 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 7430 // register the management account of the organization as a delegated administrator 7431 // for an AWS service integrated with Organizations. You can designate only 7432 // a member account as a delegated administrator. 7433 // 7434 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 7435 // an account that is registered as a delegated administrator for a service 7436 // integrated with your organization. To complete this operation, you must 7437 // first deregister this account as a delegated administrator. 7438 // 7439 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 7440 // organization in the specified region, you must enable all features mode. 7441 // 7442 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 7443 // an AWS account as a delegated administrator for an AWS service that already 7444 // has a delegated administrator. To complete this operation, you must first 7445 // deregister any existing delegated administrators for this service. 7446 // 7447 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 7448 // valid for a limited period of time. You must resubmit the request and 7449 // generate a new verfication code. 7450 // 7451 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 7452 // handshakes that you can send in one day. 7453 // 7454 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 7455 // in this organization, you first must migrate the organization's management 7456 // account to the marketplace that corresponds to the management account's 7457 // address. For example, accounts with India addresses must be associated 7458 // with the AISPL marketplace. All accounts in an organization must be associated 7459 // with the same marketplace. 7460 // 7461 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 7462 // in China. To create an organization, the master must have a valid business 7463 // license. For more information, contact customer support. 7464 // 7465 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 7466 // must first provide a valid contact address and phone number for the management 7467 // account. Then try the operation again. 7468 // 7469 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 7470 // management account must have an associated account in the AWS GovCloud 7471 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 7472 // in the AWS GovCloud User Guide. 7473 // 7474 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 7475 // with this management account, you first must associate a valid payment 7476 // instrument, such as a credit card, with the account. Follow the steps 7477 // at To leave an organization when all required account information has 7478 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 7479 // in the AWS Organizations User Guide. 7480 // 7481 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 7482 // to register more delegated administrators than allowed for the service 7483 // principal. 7484 // 7485 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 7486 // number of policies of a certain type that can be attached to an entity 7487 // at one time. 7488 // 7489 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 7490 // on this resource. 7491 // 7492 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 7493 // with this member account, you first must associate a valid payment instrument, 7494 // such as a credit card, with the account. Follow the steps at To leave 7495 // an organization when all required account information has not yet been 7496 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 7497 // in the AWS Organizations User Guide. 7498 // 7499 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 7500 // policy from an entity that would cause the entity to have fewer than the 7501 // minimum number of policies of a certain type required. 7502 // 7503 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 7504 // that requires the organization to be configured to support all features. 7505 // An organization that supports only consolidated billing features can't 7506 // perform this operation. 7507 // 7508 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 7509 // too many levels deep. 7510 // 7511 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 7512 // that you can have in an organization. 7513 // 7514 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 7515 // is larger than the maximum size. 7516 // 7517 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 7518 // policies that you can have in an organization. 7519 // 7520 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 7521 // tags that are not compliant with the tag policy requirements for this 7522 // account. 7523 // 7524 // * InvalidInputException 7525 // The requested operation failed because you provided invalid values for one 7526 // or more of the request parameters. This exception includes a reason that 7527 // contains additional information about the violated limit: 7528 // 7529 // Some of the reasons in the following list might not be applicable to this 7530 // specific API or operation. 7531 // 7532 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 7533 // the same entity. 7534 // 7535 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 7536 // can't be modified. 7537 // 7538 // * INPUT_REQUIRED: You must include a value for all required parameters. 7539 // 7540 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 7541 // for the invited account owner. 7542 // 7543 // * INVALID_ENUM: You specified an invalid value. 7544 // 7545 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 7546 // 7547 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 7548 // characters. 7549 // 7550 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 7551 // at least one invalid value. 7552 // 7553 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 7554 // from the response to a previous call of the operation. 7555 // 7556 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 7557 // organization, or email) as a party. 7558 // 7559 // * INVALID_PATTERN: You provided a value that doesn't match the required 7560 // pattern. 7561 // 7562 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 7563 // match the required pattern. 7564 // 7565 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 7566 // name can't begin with the reserved prefix AWSServiceRoleFor. 7567 // 7568 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 7569 // Name (ARN) for the organization. 7570 // 7571 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 7572 // 7573 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 7574 // tag. You can’t add, edit, or delete system tag keys because they're 7575 // reserved for AWS use. System tags don’t count against your tags per 7576 // resource limit. 7577 // 7578 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 7579 // for the operation. 7580 // 7581 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 7582 // than allowed. 7583 // 7584 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 7585 // value than allowed. 7586 // 7587 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 7588 // than allowed. 7589 // 7590 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 7591 // value than allowed. 7592 // 7593 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 7594 // between entities in the same root. 7595 // 7596 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 7597 // target entity. 7598 // 7599 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 7600 // isn't recognized. 7601 // 7602 // * FinalizingOrganizationException 7603 // AWS Organizations couldn't perform the operation because your organization 7604 // hasn't finished initializing. This can take up to an hour. Try again later. 7605 // If after one hour you continue to receive this error, contact AWS Support 7606 // (https://console.aws.amazon.com/support/home#/). 7607 // 7608 // * ServiceException 7609 // AWS Organizations can't complete your request because of an internal service 7610 // error. Try again later. 7611 // 7612 // * TooManyRequestsException 7613 // You have sent too many requests in too short a period of time. The quota 7614 // helps protect against denial-of-service attacks. Try again later. 7615 // 7616 // For information about quotas that affect AWS Organizations, see Quotas for 7617 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 7618 // the AWS Organizations User Guide. 7619 // 7620 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization 7621 func (c *Organizations) InviteAccountToOrganization(input *InviteAccountToOrganizationInput) (*InviteAccountToOrganizationOutput, error) { 7622 req, out := c.InviteAccountToOrganizationRequest(input) 7623 return out, req.Send() 7624 } 7625 7626 // InviteAccountToOrganizationWithContext is the same as InviteAccountToOrganization with the addition of 7627 // the ability to pass a context and additional request options. 7628 // 7629 // See InviteAccountToOrganization for details on how to use this API operation. 7630 // 7631 // The context must be non-nil and will be used for request cancellation. If 7632 // the context is nil a panic will occur. In the future the SDK may create 7633 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 7634 // for more information on using Contexts. 7635 func (c *Organizations) InviteAccountToOrganizationWithContext(ctx aws.Context, input *InviteAccountToOrganizationInput, opts ...request.Option) (*InviteAccountToOrganizationOutput, error) { 7636 req, out := c.InviteAccountToOrganizationRequest(input) 7637 req.SetContext(ctx) 7638 req.ApplyOptions(opts...) 7639 return out, req.Send() 7640 } 7641 7642 const opLeaveOrganization = "LeaveOrganization" 7643 7644 // LeaveOrganizationRequest generates a "aws/request.Request" representing the 7645 // client's request for the LeaveOrganization operation. The "output" return 7646 // value will be populated with the request's response once the request completes 7647 // successfully. 7648 // 7649 // Use "Send" method on the returned Request to send the API call to the service. 7650 // the "output" return value is not valid until after Send returns without error. 7651 // 7652 // See LeaveOrganization for more information on using the LeaveOrganization 7653 // API call, and error handling. 7654 // 7655 // This method is useful when you want to inject custom logic or configuration 7656 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 7657 // 7658 // 7659 // // Example sending a request using the LeaveOrganizationRequest method. 7660 // req, resp := client.LeaveOrganizationRequest(params) 7661 // 7662 // err := req.Send() 7663 // if err == nil { // resp is now filled 7664 // fmt.Println(resp) 7665 // } 7666 // 7667 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization 7668 func (c *Organizations) LeaveOrganizationRequest(input *LeaveOrganizationInput) (req *request.Request, output *LeaveOrganizationOutput) { 7669 op := &request.Operation{ 7670 Name: opLeaveOrganization, 7671 HTTPMethod: "POST", 7672 HTTPPath: "/", 7673 } 7674 7675 if input == nil { 7676 input = &LeaveOrganizationInput{} 7677 } 7678 7679 output = &LeaveOrganizationOutput{} 7680 req = c.newRequest(op, input, output) 7681 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 7682 return 7683 } 7684 7685 // LeaveOrganization API operation for AWS Organizations. 7686 // 7687 // Removes a member account from its parent organization. This version of the 7688 // operation is performed by the account that wants to leave. To remove a member 7689 // account as a user in the management account, use RemoveAccountFromOrganization 7690 // instead. 7691 // 7692 // This operation can be called only from a member account in the organization. 7693 // 7694 // * The management account in an organization with all features enabled 7695 // can set service control policies (SCPs) that can restrict what administrators 7696 // of member accounts can do. This includes preventing them from successfully 7697 // calling LeaveOrganization and leaving the organization. 7698 // 7699 // * You can leave an organization as a member account only if the account 7700 // is configured with the information required to operate as a standalone 7701 // account. When you create an account in an organization using the AWS Organizations 7702 // console, API, or CLI commands, the information required of standalone 7703 // accounts is not automatically collected. For each account that you want 7704 // to make standalone, you must perform the following steps. If any of the 7705 // steps are already completed for this account, that step doesn't appear. 7706 // Choose a support plan Provide and verify the required contact information 7707 // Provide a current payment method AWS uses the payment method to charge 7708 // for any billable (not free tier) AWS activity that occurs while the account 7709 // isn't attached to an organization. Follow the steps at To leave an organization 7710 // when all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 7711 // in the AWS Organizations User Guide. 7712 // 7713 // * The account that you want to leave must not be a delegated administrator 7714 // account for any AWS service enabled for your organization. If the account 7715 // is a delegated administrator, you must first change the delegated administrator 7716 // account to another account that is remaining in the organization. 7717 // 7718 // * You can leave an organization only after you enable IAM user access 7719 // to billing in your account. For more information, see Activating Access 7720 // to the Billing and Cost Management Console (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) 7721 // in the AWS Billing and Cost Management User Guide. 7722 // 7723 // * After the account leaves the organization, all tags that were attached 7724 // to the account object in the organization are deleted. AWS accounts outside 7725 // of an organization do not support tags. 7726 // 7727 // * A newly created account has a waiting period before it can be removed 7728 // from its organization. If you get an error that indicates that a wait 7729 // period is required, then try again in a few days. 7730 // 7731 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 7732 // with awserr.Error's Code and Message methods to get detailed information about 7733 // the error. 7734 // 7735 // See the AWS API reference guide for AWS Organizations's 7736 // API operation LeaveOrganization for usage and error information. 7737 // 7738 // Returned Error Types: 7739 // * AccessDeniedException 7740 // You don't have permissions to perform the requested operation. The user or 7741 // role that is making the request must have at least one IAM permissions policy 7742 // attached that grants the required permissions. For more information, see 7743 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 7744 // in the IAM User Guide. 7745 // 7746 // * AccountNotFoundException 7747 // We can't find an AWS account with the AccountId that you specified, or the 7748 // account whose credentials you used to make this request isn't a member of 7749 // an organization. 7750 // 7751 // * AWSOrganizationsNotInUseException 7752 // Your account isn't a member of an organization. To make this request, you 7753 // must use the credentials of an account that belongs to an organization. 7754 // 7755 // * ConcurrentModificationException 7756 // The target of the operation is currently being modified by a different request. 7757 // Try again later. 7758 // 7759 // * ConstraintViolationException 7760 // Performing this operation violates a minimum or maximum value limit. For 7761 // example, attempting to remove the last service control policy (SCP) from 7762 // an OU or root, inviting or creating too many accounts to the organization, 7763 // or attaching too many policies to an account, OU, or root. This exception 7764 // includes a reason that contains additional information about the violated 7765 // limit: 7766 // 7767 // Some of the reasons in the following list might not be applicable to this 7768 // specific API or operation. 7769 // 7770 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 7771 // account from the organization. You can't remove the management account. 7772 // Instead, after you remove all member accounts, delete the organization 7773 // itself. 7774 // 7775 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 7776 // from the organization that doesn't yet have enough information to exist 7777 // as a standalone account. This account requires you to first agree to the 7778 // AWS Customer Agreement. Follow the steps at Removing a member account 7779 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 7780 // the AWS Organizations User Guide. 7781 // 7782 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 7783 // an account from the organization that doesn't yet have enough information 7784 // to exist as a standalone account. This account requires you to first complete 7785 // phone verification. Follow the steps at Removing a member account from 7786 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 7787 // in the AWS Organizations User Guide. 7788 // 7789 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 7790 // of accounts that you can create in one day. 7791 // 7792 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 7793 // the number of accounts in an organization. If you need more accounts, 7794 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 7795 // request an increase in your limit. Or the number of invitations that you 7796 // tried to send would cause you to exceed the limit of accounts in your 7797 // organization. Send fewer invitations or contact AWS Support to request 7798 // an increase in the number of accounts. Deleted and closed accounts still 7799 // count toward your limit. If you get this exception when running a command 7800 // immediately after creating the organization, wait one hour and try again. 7801 // After an hour, if the command continues to fail with this error, contact 7802 // AWS Support (https://console.aws.amazon.com/support/home#/). 7803 // 7804 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 7805 // register the management account of the organization as a delegated administrator 7806 // for an AWS service integrated with Organizations. You can designate only 7807 // a member account as a delegated administrator. 7808 // 7809 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 7810 // an account that is registered as a delegated administrator for a service 7811 // integrated with your organization. To complete this operation, you must 7812 // first deregister this account as a delegated administrator. 7813 // 7814 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 7815 // organization in the specified region, you must enable all features mode. 7816 // 7817 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 7818 // an AWS account as a delegated administrator for an AWS service that already 7819 // has a delegated administrator. To complete this operation, you must first 7820 // deregister any existing delegated administrators for this service. 7821 // 7822 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 7823 // valid for a limited period of time. You must resubmit the request and 7824 // generate a new verfication code. 7825 // 7826 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 7827 // handshakes that you can send in one day. 7828 // 7829 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 7830 // in this organization, you first must migrate the organization's management 7831 // account to the marketplace that corresponds to the management account's 7832 // address. For example, accounts with India addresses must be associated 7833 // with the AISPL marketplace. All accounts in an organization must be associated 7834 // with the same marketplace. 7835 // 7836 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 7837 // in China. To create an organization, the master must have a valid business 7838 // license. For more information, contact customer support. 7839 // 7840 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 7841 // must first provide a valid contact address and phone number for the management 7842 // account. Then try the operation again. 7843 // 7844 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 7845 // management account must have an associated account in the AWS GovCloud 7846 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 7847 // in the AWS GovCloud User Guide. 7848 // 7849 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 7850 // with this management account, you first must associate a valid payment 7851 // instrument, such as a credit card, with the account. Follow the steps 7852 // at To leave an organization when all required account information has 7853 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 7854 // in the AWS Organizations User Guide. 7855 // 7856 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 7857 // to register more delegated administrators than allowed for the service 7858 // principal. 7859 // 7860 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 7861 // number of policies of a certain type that can be attached to an entity 7862 // at one time. 7863 // 7864 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 7865 // on this resource. 7866 // 7867 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 7868 // with this member account, you first must associate a valid payment instrument, 7869 // such as a credit card, with the account. Follow the steps at To leave 7870 // an organization when all required account information has not yet been 7871 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 7872 // in the AWS Organizations User Guide. 7873 // 7874 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 7875 // policy from an entity that would cause the entity to have fewer than the 7876 // minimum number of policies of a certain type required. 7877 // 7878 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 7879 // that requires the organization to be configured to support all features. 7880 // An organization that supports only consolidated billing features can't 7881 // perform this operation. 7882 // 7883 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 7884 // too many levels deep. 7885 // 7886 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 7887 // that you can have in an organization. 7888 // 7889 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 7890 // is larger than the maximum size. 7891 // 7892 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 7893 // policies that you can have in an organization. 7894 // 7895 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 7896 // tags that are not compliant with the tag policy requirements for this 7897 // account. 7898 // 7899 // * InvalidInputException 7900 // The requested operation failed because you provided invalid values for one 7901 // or more of the request parameters. This exception includes a reason that 7902 // contains additional information about the violated limit: 7903 // 7904 // Some of the reasons in the following list might not be applicable to this 7905 // specific API or operation. 7906 // 7907 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 7908 // the same entity. 7909 // 7910 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 7911 // can't be modified. 7912 // 7913 // * INPUT_REQUIRED: You must include a value for all required parameters. 7914 // 7915 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 7916 // for the invited account owner. 7917 // 7918 // * INVALID_ENUM: You specified an invalid value. 7919 // 7920 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 7921 // 7922 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 7923 // characters. 7924 // 7925 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 7926 // at least one invalid value. 7927 // 7928 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 7929 // from the response to a previous call of the operation. 7930 // 7931 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 7932 // organization, or email) as a party. 7933 // 7934 // * INVALID_PATTERN: You provided a value that doesn't match the required 7935 // pattern. 7936 // 7937 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 7938 // match the required pattern. 7939 // 7940 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 7941 // name can't begin with the reserved prefix AWSServiceRoleFor. 7942 // 7943 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 7944 // Name (ARN) for the organization. 7945 // 7946 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 7947 // 7948 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 7949 // tag. You can’t add, edit, or delete system tag keys because they're 7950 // reserved for AWS use. System tags don’t count against your tags per 7951 // resource limit. 7952 // 7953 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 7954 // for the operation. 7955 // 7956 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 7957 // than allowed. 7958 // 7959 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 7960 // value than allowed. 7961 // 7962 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 7963 // than allowed. 7964 // 7965 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 7966 // value than allowed. 7967 // 7968 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 7969 // between entities in the same root. 7970 // 7971 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 7972 // target entity. 7973 // 7974 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 7975 // isn't recognized. 7976 // 7977 // * MasterCannotLeaveOrganizationException 7978 // You can't remove a management account from an organization. If you want the 7979 // management account to become a member account in another organization, you 7980 // must first delete the current organization of the management account. 7981 // 7982 // * ServiceException 7983 // AWS Organizations can't complete your request because of an internal service 7984 // error. Try again later. 7985 // 7986 // * TooManyRequestsException 7987 // You have sent too many requests in too short a period of time. The quota 7988 // helps protect against denial-of-service attacks. Try again later. 7989 // 7990 // For information about quotas that affect AWS Organizations, see Quotas for 7991 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 7992 // the AWS Organizations User Guide. 7993 // 7994 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization 7995 func (c *Organizations) LeaveOrganization(input *LeaveOrganizationInput) (*LeaveOrganizationOutput, error) { 7996 req, out := c.LeaveOrganizationRequest(input) 7997 return out, req.Send() 7998 } 7999 8000 // LeaveOrganizationWithContext is the same as LeaveOrganization with the addition of 8001 // the ability to pass a context and additional request options. 8002 // 8003 // See LeaveOrganization for details on how to use this API operation. 8004 // 8005 // The context must be non-nil and will be used for request cancellation. If 8006 // the context is nil a panic will occur. In the future the SDK may create 8007 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8008 // for more information on using Contexts. 8009 func (c *Organizations) LeaveOrganizationWithContext(ctx aws.Context, input *LeaveOrganizationInput, opts ...request.Option) (*LeaveOrganizationOutput, error) { 8010 req, out := c.LeaveOrganizationRequest(input) 8011 req.SetContext(ctx) 8012 req.ApplyOptions(opts...) 8013 return out, req.Send() 8014 } 8015 8016 const opListAWSServiceAccessForOrganization = "ListAWSServiceAccessForOrganization" 8017 8018 // ListAWSServiceAccessForOrganizationRequest generates a "aws/request.Request" representing the 8019 // client's request for the ListAWSServiceAccessForOrganization operation. The "output" return 8020 // value will be populated with the request's response once the request completes 8021 // successfully. 8022 // 8023 // Use "Send" method on the returned Request to send the API call to the service. 8024 // the "output" return value is not valid until after Send returns without error. 8025 // 8026 // See ListAWSServiceAccessForOrganization for more information on using the ListAWSServiceAccessForOrganization 8027 // API call, and error handling. 8028 // 8029 // This method is useful when you want to inject custom logic or configuration 8030 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 8031 // 8032 // 8033 // // Example sending a request using the ListAWSServiceAccessForOrganizationRequest method. 8034 // req, resp := client.ListAWSServiceAccessForOrganizationRequest(params) 8035 // 8036 // err := req.Send() 8037 // if err == nil { // resp is now filled 8038 // fmt.Println(resp) 8039 // } 8040 // 8041 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAWSServiceAccessForOrganization 8042 func (c *Organizations) ListAWSServiceAccessForOrganizationRequest(input *ListAWSServiceAccessForOrganizationInput) (req *request.Request, output *ListAWSServiceAccessForOrganizationOutput) { 8043 op := &request.Operation{ 8044 Name: opListAWSServiceAccessForOrganization, 8045 HTTPMethod: "POST", 8046 HTTPPath: "/", 8047 Paginator: &request.Paginator{ 8048 InputTokens: []string{"NextToken"}, 8049 OutputTokens: []string{"NextToken"}, 8050 LimitToken: "MaxResults", 8051 TruncationToken: "", 8052 }, 8053 } 8054 8055 if input == nil { 8056 input = &ListAWSServiceAccessForOrganizationInput{} 8057 } 8058 8059 output = &ListAWSServiceAccessForOrganizationOutput{} 8060 req = c.newRequest(op, input, output) 8061 return 8062 } 8063 8064 // ListAWSServiceAccessForOrganization API operation for AWS Organizations. 8065 // 8066 // Returns a list of the AWS services that you enabled to integrate with your 8067 // organization. After a service on this list creates the resources that it 8068 // requires for the integration, it can perform operations on your organization 8069 // and its accounts. 8070 // 8071 // For more information about integrating other services with AWS Organizations, 8072 // including the list of services that currently work with Organizations, see 8073 // Integrating AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html) 8074 // in the AWS Organizations User Guide. 8075 // 8076 // This operation can be called only from the organization's management account 8077 // or by a member account that is a delegated administrator for an AWS service. 8078 // 8079 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 8080 // with awserr.Error's Code and Message methods to get detailed information about 8081 // the error. 8082 // 8083 // See the AWS API reference guide for AWS Organizations's 8084 // API operation ListAWSServiceAccessForOrganization for usage and error information. 8085 // 8086 // Returned Error Types: 8087 // * AccessDeniedException 8088 // You don't have permissions to perform the requested operation. The user or 8089 // role that is making the request must have at least one IAM permissions policy 8090 // attached that grants the required permissions. For more information, see 8091 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 8092 // in the IAM User Guide. 8093 // 8094 // * AWSOrganizationsNotInUseException 8095 // Your account isn't a member of an organization. To make this request, you 8096 // must use the credentials of an account that belongs to an organization. 8097 // 8098 // * ConstraintViolationException 8099 // Performing this operation violates a minimum or maximum value limit. For 8100 // example, attempting to remove the last service control policy (SCP) from 8101 // an OU or root, inviting or creating too many accounts to the organization, 8102 // or attaching too many policies to an account, OU, or root. This exception 8103 // includes a reason that contains additional information about the violated 8104 // limit: 8105 // 8106 // Some of the reasons in the following list might not be applicable to this 8107 // specific API or operation. 8108 // 8109 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 8110 // account from the organization. You can't remove the management account. 8111 // Instead, after you remove all member accounts, delete the organization 8112 // itself. 8113 // 8114 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 8115 // from the organization that doesn't yet have enough information to exist 8116 // as a standalone account. This account requires you to first agree to the 8117 // AWS Customer Agreement. Follow the steps at Removing a member account 8118 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 8119 // the AWS Organizations User Guide. 8120 // 8121 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 8122 // an account from the organization that doesn't yet have enough information 8123 // to exist as a standalone account. This account requires you to first complete 8124 // phone verification. Follow the steps at Removing a member account from 8125 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 8126 // in the AWS Organizations User Guide. 8127 // 8128 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 8129 // of accounts that you can create in one day. 8130 // 8131 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 8132 // the number of accounts in an organization. If you need more accounts, 8133 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 8134 // request an increase in your limit. Or the number of invitations that you 8135 // tried to send would cause you to exceed the limit of accounts in your 8136 // organization. Send fewer invitations or contact AWS Support to request 8137 // an increase in the number of accounts. Deleted and closed accounts still 8138 // count toward your limit. If you get this exception when running a command 8139 // immediately after creating the organization, wait one hour and try again. 8140 // After an hour, if the command continues to fail with this error, contact 8141 // AWS Support (https://console.aws.amazon.com/support/home#/). 8142 // 8143 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 8144 // register the management account of the organization as a delegated administrator 8145 // for an AWS service integrated with Organizations. You can designate only 8146 // a member account as a delegated administrator. 8147 // 8148 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 8149 // an account that is registered as a delegated administrator for a service 8150 // integrated with your organization. To complete this operation, you must 8151 // first deregister this account as a delegated administrator. 8152 // 8153 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 8154 // organization in the specified region, you must enable all features mode. 8155 // 8156 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 8157 // an AWS account as a delegated administrator for an AWS service that already 8158 // has a delegated administrator. To complete this operation, you must first 8159 // deregister any existing delegated administrators for this service. 8160 // 8161 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 8162 // valid for a limited period of time. You must resubmit the request and 8163 // generate a new verfication code. 8164 // 8165 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 8166 // handshakes that you can send in one day. 8167 // 8168 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 8169 // in this organization, you first must migrate the organization's management 8170 // account to the marketplace that corresponds to the management account's 8171 // address. For example, accounts with India addresses must be associated 8172 // with the AISPL marketplace. All accounts in an organization must be associated 8173 // with the same marketplace. 8174 // 8175 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 8176 // in China. To create an organization, the master must have a valid business 8177 // license. For more information, contact customer support. 8178 // 8179 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 8180 // must first provide a valid contact address and phone number for the management 8181 // account. Then try the operation again. 8182 // 8183 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 8184 // management account must have an associated account in the AWS GovCloud 8185 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 8186 // in the AWS GovCloud User Guide. 8187 // 8188 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 8189 // with this management account, you first must associate a valid payment 8190 // instrument, such as a credit card, with the account. Follow the steps 8191 // at To leave an organization when all required account information has 8192 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 8193 // in the AWS Organizations User Guide. 8194 // 8195 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 8196 // to register more delegated administrators than allowed for the service 8197 // principal. 8198 // 8199 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 8200 // number of policies of a certain type that can be attached to an entity 8201 // at one time. 8202 // 8203 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 8204 // on this resource. 8205 // 8206 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 8207 // with this member account, you first must associate a valid payment instrument, 8208 // such as a credit card, with the account. Follow the steps at To leave 8209 // an organization when all required account information has not yet been 8210 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 8211 // in the AWS Organizations User Guide. 8212 // 8213 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 8214 // policy from an entity that would cause the entity to have fewer than the 8215 // minimum number of policies of a certain type required. 8216 // 8217 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 8218 // that requires the organization to be configured to support all features. 8219 // An organization that supports only consolidated billing features can't 8220 // perform this operation. 8221 // 8222 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 8223 // too many levels deep. 8224 // 8225 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 8226 // that you can have in an organization. 8227 // 8228 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 8229 // is larger than the maximum size. 8230 // 8231 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 8232 // policies that you can have in an organization. 8233 // 8234 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 8235 // tags that are not compliant with the tag policy requirements for this 8236 // account. 8237 // 8238 // * InvalidInputException 8239 // The requested operation failed because you provided invalid values for one 8240 // or more of the request parameters. This exception includes a reason that 8241 // contains additional information about the violated limit: 8242 // 8243 // Some of the reasons in the following list might not be applicable to this 8244 // specific API or operation. 8245 // 8246 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 8247 // the same entity. 8248 // 8249 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 8250 // can't be modified. 8251 // 8252 // * INPUT_REQUIRED: You must include a value for all required parameters. 8253 // 8254 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 8255 // for the invited account owner. 8256 // 8257 // * INVALID_ENUM: You specified an invalid value. 8258 // 8259 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 8260 // 8261 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 8262 // characters. 8263 // 8264 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 8265 // at least one invalid value. 8266 // 8267 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 8268 // from the response to a previous call of the operation. 8269 // 8270 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 8271 // organization, or email) as a party. 8272 // 8273 // * INVALID_PATTERN: You provided a value that doesn't match the required 8274 // pattern. 8275 // 8276 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 8277 // match the required pattern. 8278 // 8279 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 8280 // name can't begin with the reserved prefix AWSServiceRoleFor. 8281 // 8282 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 8283 // Name (ARN) for the organization. 8284 // 8285 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 8286 // 8287 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 8288 // tag. You can’t add, edit, or delete system tag keys because they're 8289 // reserved for AWS use. System tags don’t count against your tags per 8290 // resource limit. 8291 // 8292 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 8293 // for the operation. 8294 // 8295 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 8296 // than allowed. 8297 // 8298 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 8299 // value than allowed. 8300 // 8301 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 8302 // than allowed. 8303 // 8304 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 8305 // value than allowed. 8306 // 8307 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 8308 // between entities in the same root. 8309 // 8310 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 8311 // target entity. 8312 // 8313 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 8314 // isn't recognized. 8315 // 8316 // * ServiceException 8317 // AWS Organizations can't complete your request because of an internal service 8318 // error. Try again later. 8319 // 8320 // * TooManyRequestsException 8321 // You have sent too many requests in too short a period of time. The quota 8322 // helps protect against denial-of-service attacks. Try again later. 8323 // 8324 // For information about quotas that affect AWS Organizations, see Quotas for 8325 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 8326 // the AWS Organizations User Guide. 8327 // 8328 // * UnsupportedAPIEndpointException 8329 // This action isn't available in the current AWS Region. 8330 // 8331 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAWSServiceAccessForOrganization 8332 func (c *Organizations) ListAWSServiceAccessForOrganization(input *ListAWSServiceAccessForOrganizationInput) (*ListAWSServiceAccessForOrganizationOutput, error) { 8333 req, out := c.ListAWSServiceAccessForOrganizationRequest(input) 8334 return out, req.Send() 8335 } 8336 8337 // ListAWSServiceAccessForOrganizationWithContext is the same as ListAWSServiceAccessForOrganization with the addition of 8338 // the ability to pass a context and additional request options. 8339 // 8340 // See ListAWSServiceAccessForOrganization for details on how to use this API operation. 8341 // 8342 // The context must be non-nil and will be used for request cancellation. If 8343 // the context is nil a panic will occur. In the future the SDK may create 8344 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8345 // for more information on using Contexts. 8346 func (c *Organizations) ListAWSServiceAccessForOrganizationWithContext(ctx aws.Context, input *ListAWSServiceAccessForOrganizationInput, opts ...request.Option) (*ListAWSServiceAccessForOrganizationOutput, error) { 8347 req, out := c.ListAWSServiceAccessForOrganizationRequest(input) 8348 req.SetContext(ctx) 8349 req.ApplyOptions(opts...) 8350 return out, req.Send() 8351 } 8352 8353 // ListAWSServiceAccessForOrganizationPages iterates over the pages of a ListAWSServiceAccessForOrganization operation, 8354 // calling the "fn" function with the response data for each page. To stop 8355 // iterating, return false from the fn function. 8356 // 8357 // See ListAWSServiceAccessForOrganization method for more information on how to use this operation. 8358 // 8359 // Note: This operation can generate multiple requests to a service. 8360 // 8361 // // Example iterating over at most 3 pages of a ListAWSServiceAccessForOrganization operation. 8362 // pageNum := 0 8363 // err := client.ListAWSServiceAccessForOrganizationPages(params, 8364 // func(page *organizations.ListAWSServiceAccessForOrganizationOutput, lastPage bool) bool { 8365 // pageNum++ 8366 // fmt.Println(page) 8367 // return pageNum <= 3 8368 // }) 8369 // 8370 func (c *Organizations) ListAWSServiceAccessForOrganizationPages(input *ListAWSServiceAccessForOrganizationInput, fn func(*ListAWSServiceAccessForOrganizationOutput, bool) bool) error { 8371 return c.ListAWSServiceAccessForOrganizationPagesWithContext(aws.BackgroundContext(), input, fn) 8372 } 8373 8374 // ListAWSServiceAccessForOrganizationPagesWithContext same as ListAWSServiceAccessForOrganizationPages except 8375 // it takes a Context and allows setting request options on the pages. 8376 // 8377 // The context must be non-nil and will be used for request cancellation. If 8378 // the context is nil a panic will occur. In the future the SDK may create 8379 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8380 // for more information on using Contexts. 8381 func (c *Organizations) ListAWSServiceAccessForOrganizationPagesWithContext(ctx aws.Context, input *ListAWSServiceAccessForOrganizationInput, fn func(*ListAWSServiceAccessForOrganizationOutput, bool) bool, opts ...request.Option) error { 8382 p := request.Pagination{ 8383 NewRequest: func() (*request.Request, error) { 8384 var inCpy *ListAWSServiceAccessForOrganizationInput 8385 if input != nil { 8386 tmp := *input 8387 inCpy = &tmp 8388 } 8389 req, _ := c.ListAWSServiceAccessForOrganizationRequest(inCpy) 8390 req.SetContext(ctx) 8391 req.ApplyOptions(opts...) 8392 return req, nil 8393 }, 8394 } 8395 8396 for p.Next() { 8397 if !fn(p.Page().(*ListAWSServiceAccessForOrganizationOutput), !p.HasNextPage()) { 8398 break 8399 } 8400 } 8401 8402 return p.Err() 8403 } 8404 8405 const opListAccounts = "ListAccounts" 8406 8407 // ListAccountsRequest generates a "aws/request.Request" representing the 8408 // client's request for the ListAccounts operation. The "output" return 8409 // value will be populated with the request's response once the request completes 8410 // successfully. 8411 // 8412 // Use "Send" method on the returned Request to send the API call to the service. 8413 // the "output" return value is not valid until after Send returns without error. 8414 // 8415 // See ListAccounts for more information on using the ListAccounts 8416 // API call, and error handling. 8417 // 8418 // This method is useful when you want to inject custom logic or configuration 8419 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 8420 // 8421 // 8422 // // Example sending a request using the ListAccountsRequest method. 8423 // req, resp := client.ListAccountsRequest(params) 8424 // 8425 // err := req.Send() 8426 // if err == nil { // resp is now filled 8427 // fmt.Println(resp) 8428 // } 8429 // 8430 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts 8431 func (c *Organizations) ListAccountsRequest(input *ListAccountsInput) (req *request.Request, output *ListAccountsOutput) { 8432 op := &request.Operation{ 8433 Name: opListAccounts, 8434 HTTPMethod: "POST", 8435 HTTPPath: "/", 8436 Paginator: &request.Paginator{ 8437 InputTokens: []string{"NextToken"}, 8438 OutputTokens: []string{"NextToken"}, 8439 LimitToken: "MaxResults", 8440 TruncationToken: "", 8441 }, 8442 } 8443 8444 if input == nil { 8445 input = &ListAccountsInput{} 8446 } 8447 8448 output = &ListAccountsOutput{} 8449 req = c.newRequest(op, input, output) 8450 return 8451 } 8452 8453 // ListAccounts API operation for AWS Organizations. 8454 // 8455 // Lists all the accounts in the organization. To request only the accounts 8456 // in a specified root or organizational unit (OU), use the ListAccountsForParent 8457 // operation instead. 8458 // 8459 // Always check the NextToken response parameter for a null value when calling 8460 // a List* operation. These operations can occasionally return an empty set 8461 // of results even when there are more results available. The NextToken response 8462 // parameter value is null only when there are no more results to display. 8463 // 8464 // This operation can be called only from the organization's management account 8465 // or by a member account that is a delegated administrator for an AWS service. 8466 // 8467 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 8468 // with awserr.Error's Code and Message methods to get detailed information about 8469 // the error. 8470 // 8471 // See the AWS API reference guide for AWS Organizations's 8472 // API operation ListAccounts for usage and error information. 8473 // 8474 // Returned Error Types: 8475 // * AccessDeniedException 8476 // You don't have permissions to perform the requested operation. The user or 8477 // role that is making the request must have at least one IAM permissions policy 8478 // attached that grants the required permissions. For more information, see 8479 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 8480 // in the IAM User Guide. 8481 // 8482 // * AWSOrganizationsNotInUseException 8483 // Your account isn't a member of an organization. To make this request, you 8484 // must use the credentials of an account that belongs to an organization. 8485 // 8486 // * InvalidInputException 8487 // The requested operation failed because you provided invalid values for one 8488 // or more of the request parameters. This exception includes a reason that 8489 // contains additional information about the violated limit: 8490 // 8491 // Some of the reasons in the following list might not be applicable to this 8492 // specific API or operation. 8493 // 8494 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 8495 // the same entity. 8496 // 8497 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 8498 // can't be modified. 8499 // 8500 // * INPUT_REQUIRED: You must include a value for all required parameters. 8501 // 8502 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 8503 // for the invited account owner. 8504 // 8505 // * INVALID_ENUM: You specified an invalid value. 8506 // 8507 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 8508 // 8509 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 8510 // characters. 8511 // 8512 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 8513 // at least one invalid value. 8514 // 8515 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 8516 // from the response to a previous call of the operation. 8517 // 8518 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 8519 // organization, or email) as a party. 8520 // 8521 // * INVALID_PATTERN: You provided a value that doesn't match the required 8522 // pattern. 8523 // 8524 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 8525 // match the required pattern. 8526 // 8527 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 8528 // name can't begin with the reserved prefix AWSServiceRoleFor. 8529 // 8530 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 8531 // Name (ARN) for the organization. 8532 // 8533 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 8534 // 8535 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 8536 // tag. You can’t add, edit, or delete system tag keys because they're 8537 // reserved for AWS use. System tags don’t count against your tags per 8538 // resource limit. 8539 // 8540 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 8541 // for the operation. 8542 // 8543 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 8544 // than allowed. 8545 // 8546 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 8547 // value than allowed. 8548 // 8549 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 8550 // than allowed. 8551 // 8552 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 8553 // value than allowed. 8554 // 8555 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 8556 // between entities in the same root. 8557 // 8558 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 8559 // target entity. 8560 // 8561 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 8562 // isn't recognized. 8563 // 8564 // * ServiceException 8565 // AWS Organizations can't complete your request because of an internal service 8566 // error. Try again later. 8567 // 8568 // * TooManyRequestsException 8569 // You have sent too many requests in too short a period of time. The quota 8570 // helps protect against denial-of-service attacks. Try again later. 8571 // 8572 // For information about quotas that affect AWS Organizations, see Quotas for 8573 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 8574 // the AWS Organizations User Guide. 8575 // 8576 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts 8577 func (c *Organizations) ListAccounts(input *ListAccountsInput) (*ListAccountsOutput, error) { 8578 req, out := c.ListAccountsRequest(input) 8579 return out, req.Send() 8580 } 8581 8582 // ListAccountsWithContext is the same as ListAccounts with the addition of 8583 // the ability to pass a context and additional request options. 8584 // 8585 // See ListAccounts for details on how to use this API operation. 8586 // 8587 // The context must be non-nil and will be used for request cancellation. If 8588 // the context is nil a panic will occur. In the future the SDK may create 8589 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8590 // for more information on using Contexts. 8591 func (c *Organizations) ListAccountsWithContext(ctx aws.Context, input *ListAccountsInput, opts ...request.Option) (*ListAccountsOutput, error) { 8592 req, out := c.ListAccountsRequest(input) 8593 req.SetContext(ctx) 8594 req.ApplyOptions(opts...) 8595 return out, req.Send() 8596 } 8597 8598 // ListAccountsPages iterates over the pages of a ListAccounts operation, 8599 // calling the "fn" function with the response data for each page. To stop 8600 // iterating, return false from the fn function. 8601 // 8602 // See ListAccounts method for more information on how to use this operation. 8603 // 8604 // Note: This operation can generate multiple requests to a service. 8605 // 8606 // // Example iterating over at most 3 pages of a ListAccounts operation. 8607 // pageNum := 0 8608 // err := client.ListAccountsPages(params, 8609 // func(page *organizations.ListAccountsOutput, lastPage bool) bool { 8610 // pageNum++ 8611 // fmt.Println(page) 8612 // return pageNum <= 3 8613 // }) 8614 // 8615 func (c *Organizations) ListAccountsPages(input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool) error { 8616 return c.ListAccountsPagesWithContext(aws.BackgroundContext(), input, fn) 8617 } 8618 8619 // ListAccountsPagesWithContext same as ListAccountsPages except 8620 // it takes a Context and allows setting request options on the pages. 8621 // 8622 // The context must be non-nil and will be used for request cancellation. If 8623 // the context is nil a panic will occur. In the future the SDK may create 8624 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8625 // for more information on using Contexts. 8626 func (c *Organizations) ListAccountsPagesWithContext(ctx aws.Context, input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool, opts ...request.Option) error { 8627 p := request.Pagination{ 8628 NewRequest: func() (*request.Request, error) { 8629 var inCpy *ListAccountsInput 8630 if input != nil { 8631 tmp := *input 8632 inCpy = &tmp 8633 } 8634 req, _ := c.ListAccountsRequest(inCpy) 8635 req.SetContext(ctx) 8636 req.ApplyOptions(opts...) 8637 return req, nil 8638 }, 8639 } 8640 8641 for p.Next() { 8642 if !fn(p.Page().(*ListAccountsOutput), !p.HasNextPage()) { 8643 break 8644 } 8645 } 8646 8647 return p.Err() 8648 } 8649 8650 const opListAccountsForParent = "ListAccountsForParent" 8651 8652 // ListAccountsForParentRequest generates a "aws/request.Request" representing the 8653 // client's request for the ListAccountsForParent operation. The "output" return 8654 // value will be populated with the request's response once the request completes 8655 // successfully. 8656 // 8657 // Use "Send" method on the returned Request to send the API call to the service. 8658 // the "output" return value is not valid until after Send returns without error. 8659 // 8660 // See ListAccountsForParent for more information on using the ListAccountsForParent 8661 // API call, and error handling. 8662 // 8663 // This method is useful when you want to inject custom logic or configuration 8664 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 8665 // 8666 // 8667 // // Example sending a request using the ListAccountsForParentRequest method. 8668 // req, resp := client.ListAccountsForParentRequest(params) 8669 // 8670 // err := req.Send() 8671 // if err == nil { // resp is now filled 8672 // fmt.Println(resp) 8673 // } 8674 // 8675 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent 8676 func (c *Organizations) ListAccountsForParentRequest(input *ListAccountsForParentInput) (req *request.Request, output *ListAccountsForParentOutput) { 8677 op := &request.Operation{ 8678 Name: opListAccountsForParent, 8679 HTTPMethod: "POST", 8680 HTTPPath: "/", 8681 Paginator: &request.Paginator{ 8682 InputTokens: []string{"NextToken"}, 8683 OutputTokens: []string{"NextToken"}, 8684 LimitToken: "MaxResults", 8685 TruncationToken: "", 8686 }, 8687 } 8688 8689 if input == nil { 8690 input = &ListAccountsForParentInput{} 8691 } 8692 8693 output = &ListAccountsForParentOutput{} 8694 req = c.newRequest(op, input, output) 8695 return 8696 } 8697 8698 // ListAccountsForParent API operation for AWS Organizations. 8699 // 8700 // Lists the accounts in an organization that are contained by the specified 8701 // target root or organizational unit (OU). If you specify the root, you get 8702 // a list of all the accounts that aren't in any OU. If you specify an OU, you 8703 // get a list of all the accounts in only that OU and not in any child OUs. 8704 // To get a list of all accounts in the organization, use the ListAccounts operation. 8705 // 8706 // Always check the NextToken response parameter for a null value when calling 8707 // a List* operation. These operations can occasionally return an empty set 8708 // of results even when there are more results available. The NextToken response 8709 // parameter value is null only when there are no more results to display. 8710 // 8711 // This operation can be called only from the organization's management account 8712 // or by a member account that is a delegated administrator for an AWS service. 8713 // 8714 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 8715 // with awserr.Error's Code and Message methods to get detailed information about 8716 // the error. 8717 // 8718 // See the AWS API reference guide for AWS Organizations's 8719 // API operation ListAccountsForParent for usage and error information. 8720 // 8721 // Returned Error Types: 8722 // * AccessDeniedException 8723 // You don't have permissions to perform the requested operation. The user or 8724 // role that is making the request must have at least one IAM permissions policy 8725 // attached that grants the required permissions. For more information, see 8726 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 8727 // in the IAM User Guide. 8728 // 8729 // * AWSOrganizationsNotInUseException 8730 // Your account isn't a member of an organization. To make this request, you 8731 // must use the credentials of an account that belongs to an organization. 8732 // 8733 // * InvalidInputException 8734 // The requested operation failed because you provided invalid values for one 8735 // or more of the request parameters. This exception includes a reason that 8736 // contains additional information about the violated limit: 8737 // 8738 // Some of the reasons in the following list might not be applicable to this 8739 // specific API or operation. 8740 // 8741 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 8742 // the same entity. 8743 // 8744 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 8745 // can't be modified. 8746 // 8747 // * INPUT_REQUIRED: You must include a value for all required parameters. 8748 // 8749 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 8750 // for the invited account owner. 8751 // 8752 // * INVALID_ENUM: You specified an invalid value. 8753 // 8754 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 8755 // 8756 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 8757 // characters. 8758 // 8759 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 8760 // at least one invalid value. 8761 // 8762 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 8763 // from the response to a previous call of the operation. 8764 // 8765 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 8766 // organization, or email) as a party. 8767 // 8768 // * INVALID_PATTERN: You provided a value that doesn't match the required 8769 // pattern. 8770 // 8771 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 8772 // match the required pattern. 8773 // 8774 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 8775 // name can't begin with the reserved prefix AWSServiceRoleFor. 8776 // 8777 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 8778 // Name (ARN) for the organization. 8779 // 8780 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 8781 // 8782 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 8783 // tag. You can’t add, edit, or delete system tag keys because they're 8784 // reserved for AWS use. System tags don’t count against your tags per 8785 // resource limit. 8786 // 8787 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 8788 // for the operation. 8789 // 8790 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 8791 // than allowed. 8792 // 8793 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 8794 // value than allowed. 8795 // 8796 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 8797 // than allowed. 8798 // 8799 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 8800 // value than allowed. 8801 // 8802 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 8803 // between entities in the same root. 8804 // 8805 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 8806 // target entity. 8807 // 8808 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 8809 // isn't recognized. 8810 // 8811 // * ParentNotFoundException 8812 // We can't find a root or OU with the ParentId that you specified. 8813 // 8814 // * ServiceException 8815 // AWS Organizations can't complete your request because of an internal service 8816 // error. Try again later. 8817 // 8818 // * TooManyRequestsException 8819 // You have sent too many requests in too short a period of time. The quota 8820 // helps protect against denial-of-service attacks. Try again later. 8821 // 8822 // For information about quotas that affect AWS Organizations, see Quotas for 8823 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 8824 // the AWS Organizations User Guide. 8825 // 8826 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent 8827 func (c *Organizations) ListAccountsForParent(input *ListAccountsForParentInput) (*ListAccountsForParentOutput, error) { 8828 req, out := c.ListAccountsForParentRequest(input) 8829 return out, req.Send() 8830 } 8831 8832 // ListAccountsForParentWithContext is the same as ListAccountsForParent with the addition of 8833 // the ability to pass a context and additional request options. 8834 // 8835 // See ListAccountsForParent for details on how to use this API operation. 8836 // 8837 // The context must be non-nil and will be used for request cancellation. If 8838 // the context is nil a panic will occur. In the future the SDK may create 8839 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8840 // for more information on using Contexts. 8841 func (c *Organizations) ListAccountsForParentWithContext(ctx aws.Context, input *ListAccountsForParentInput, opts ...request.Option) (*ListAccountsForParentOutput, error) { 8842 req, out := c.ListAccountsForParentRequest(input) 8843 req.SetContext(ctx) 8844 req.ApplyOptions(opts...) 8845 return out, req.Send() 8846 } 8847 8848 // ListAccountsForParentPages iterates over the pages of a ListAccountsForParent operation, 8849 // calling the "fn" function with the response data for each page. To stop 8850 // iterating, return false from the fn function. 8851 // 8852 // See ListAccountsForParent method for more information on how to use this operation. 8853 // 8854 // Note: This operation can generate multiple requests to a service. 8855 // 8856 // // Example iterating over at most 3 pages of a ListAccountsForParent operation. 8857 // pageNum := 0 8858 // err := client.ListAccountsForParentPages(params, 8859 // func(page *organizations.ListAccountsForParentOutput, lastPage bool) bool { 8860 // pageNum++ 8861 // fmt.Println(page) 8862 // return pageNum <= 3 8863 // }) 8864 // 8865 func (c *Organizations) ListAccountsForParentPages(input *ListAccountsForParentInput, fn func(*ListAccountsForParentOutput, bool) bool) error { 8866 return c.ListAccountsForParentPagesWithContext(aws.BackgroundContext(), input, fn) 8867 } 8868 8869 // ListAccountsForParentPagesWithContext same as ListAccountsForParentPages except 8870 // it takes a Context and allows setting request options on the pages. 8871 // 8872 // The context must be non-nil and will be used for request cancellation. If 8873 // the context is nil a panic will occur. In the future the SDK may create 8874 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 8875 // for more information on using Contexts. 8876 func (c *Organizations) ListAccountsForParentPagesWithContext(ctx aws.Context, input *ListAccountsForParentInput, fn func(*ListAccountsForParentOutput, bool) bool, opts ...request.Option) error { 8877 p := request.Pagination{ 8878 NewRequest: func() (*request.Request, error) { 8879 var inCpy *ListAccountsForParentInput 8880 if input != nil { 8881 tmp := *input 8882 inCpy = &tmp 8883 } 8884 req, _ := c.ListAccountsForParentRequest(inCpy) 8885 req.SetContext(ctx) 8886 req.ApplyOptions(opts...) 8887 return req, nil 8888 }, 8889 } 8890 8891 for p.Next() { 8892 if !fn(p.Page().(*ListAccountsForParentOutput), !p.HasNextPage()) { 8893 break 8894 } 8895 } 8896 8897 return p.Err() 8898 } 8899 8900 const opListChildren = "ListChildren" 8901 8902 // ListChildrenRequest generates a "aws/request.Request" representing the 8903 // client's request for the ListChildren operation. The "output" return 8904 // value will be populated with the request's response once the request completes 8905 // successfully. 8906 // 8907 // Use "Send" method on the returned Request to send the API call to the service. 8908 // the "output" return value is not valid until after Send returns without error. 8909 // 8910 // See ListChildren for more information on using the ListChildren 8911 // API call, and error handling. 8912 // 8913 // This method is useful when you want to inject custom logic or configuration 8914 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 8915 // 8916 // 8917 // // Example sending a request using the ListChildrenRequest method. 8918 // req, resp := client.ListChildrenRequest(params) 8919 // 8920 // err := req.Send() 8921 // if err == nil { // resp is now filled 8922 // fmt.Println(resp) 8923 // } 8924 // 8925 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren 8926 func (c *Organizations) ListChildrenRequest(input *ListChildrenInput) (req *request.Request, output *ListChildrenOutput) { 8927 op := &request.Operation{ 8928 Name: opListChildren, 8929 HTTPMethod: "POST", 8930 HTTPPath: "/", 8931 Paginator: &request.Paginator{ 8932 InputTokens: []string{"NextToken"}, 8933 OutputTokens: []string{"NextToken"}, 8934 LimitToken: "MaxResults", 8935 TruncationToken: "", 8936 }, 8937 } 8938 8939 if input == nil { 8940 input = &ListChildrenInput{} 8941 } 8942 8943 output = &ListChildrenOutput{} 8944 req = c.newRequest(op, input, output) 8945 return 8946 } 8947 8948 // ListChildren API operation for AWS Organizations. 8949 // 8950 // Lists all of the organizational units (OUs) or accounts that are contained 8951 // in the specified parent OU or root. This operation, along with ListParents 8952 // enables you to traverse the tree structure that makes up this root. 8953 // 8954 // Always check the NextToken response parameter for a null value when calling 8955 // a List* operation. These operations can occasionally return an empty set 8956 // of results even when there are more results available. The NextToken response 8957 // parameter value is null only when there are no more results to display. 8958 // 8959 // This operation can be called only from the organization's management account 8960 // or by a member account that is a delegated administrator for an AWS service. 8961 // 8962 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 8963 // with awserr.Error's Code and Message methods to get detailed information about 8964 // the error. 8965 // 8966 // See the AWS API reference guide for AWS Organizations's 8967 // API operation ListChildren for usage and error information. 8968 // 8969 // Returned Error Types: 8970 // * AccessDeniedException 8971 // You don't have permissions to perform the requested operation. The user or 8972 // role that is making the request must have at least one IAM permissions policy 8973 // attached that grants the required permissions. For more information, see 8974 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 8975 // in the IAM User Guide. 8976 // 8977 // * AWSOrganizationsNotInUseException 8978 // Your account isn't a member of an organization. To make this request, you 8979 // must use the credentials of an account that belongs to an organization. 8980 // 8981 // * InvalidInputException 8982 // The requested operation failed because you provided invalid values for one 8983 // or more of the request parameters. This exception includes a reason that 8984 // contains additional information about the violated limit: 8985 // 8986 // Some of the reasons in the following list might not be applicable to this 8987 // specific API or operation. 8988 // 8989 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 8990 // the same entity. 8991 // 8992 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 8993 // can't be modified. 8994 // 8995 // * INPUT_REQUIRED: You must include a value for all required parameters. 8996 // 8997 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 8998 // for the invited account owner. 8999 // 9000 // * INVALID_ENUM: You specified an invalid value. 9001 // 9002 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 9003 // 9004 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 9005 // characters. 9006 // 9007 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 9008 // at least one invalid value. 9009 // 9010 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 9011 // from the response to a previous call of the operation. 9012 // 9013 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 9014 // organization, or email) as a party. 9015 // 9016 // * INVALID_PATTERN: You provided a value that doesn't match the required 9017 // pattern. 9018 // 9019 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 9020 // match the required pattern. 9021 // 9022 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 9023 // name can't begin with the reserved prefix AWSServiceRoleFor. 9024 // 9025 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 9026 // Name (ARN) for the organization. 9027 // 9028 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 9029 // 9030 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 9031 // tag. You can’t add, edit, or delete system tag keys because they're 9032 // reserved for AWS use. System tags don’t count against your tags per 9033 // resource limit. 9034 // 9035 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 9036 // for the operation. 9037 // 9038 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 9039 // than allowed. 9040 // 9041 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 9042 // value than allowed. 9043 // 9044 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 9045 // than allowed. 9046 // 9047 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 9048 // value than allowed. 9049 // 9050 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 9051 // between entities in the same root. 9052 // 9053 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 9054 // target entity. 9055 // 9056 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 9057 // isn't recognized. 9058 // 9059 // * ParentNotFoundException 9060 // We can't find a root or OU with the ParentId that you specified. 9061 // 9062 // * ServiceException 9063 // AWS Organizations can't complete your request because of an internal service 9064 // error. Try again later. 9065 // 9066 // * TooManyRequestsException 9067 // You have sent too many requests in too short a period of time. The quota 9068 // helps protect against denial-of-service attacks. Try again later. 9069 // 9070 // For information about quotas that affect AWS Organizations, see Quotas for 9071 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 9072 // the AWS Organizations User Guide. 9073 // 9074 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren 9075 func (c *Organizations) ListChildren(input *ListChildrenInput) (*ListChildrenOutput, error) { 9076 req, out := c.ListChildrenRequest(input) 9077 return out, req.Send() 9078 } 9079 9080 // ListChildrenWithContext is the same as ListChildren with the addition of 9081 // the ability to pass a context and additional request options. 9082 // 9083 // See ListChildren for details on how to use this API operation. 9084 // 9085 // The context must be non-nil and will be used for request cancellation. If 9086 // the context is nil a panic will occur. In the future the SDK may create 9087 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9088 // for more information on using Contexts. 9089 func (c *Organizations) ListChildrenWithContext(ctx aws.Context, input *ListChildrenInput, opts ...request.Option) (*ListChildrenOutput, error) { 9090 req, out := c.ListChildrenRequest(input) 9091 req.SetContext(ctx) 9092 req.ApplyOptions(opts...) 9093 return out, req.Send() 9094 } 9095 9096 // ListChildrenPages iterates over the pages of a ListChildren operation, 9097 // calling the "fn" function with the response data for each page. To stop 9098 // iterating, return false from the fn function. 9099 // 9100 // See ListChildren method for more information on how to use this operation. 9101 // 9102 // Note: This operation can generate multiple requests to a service. 9103 // 9104 // // Example iterating over at most 3 pages of a ListChildren operation. 9105 // pageNum := 0 9106 // err := client.ListChildrenPages(params, 9107 // func(page *organizations.ListChildrenOutput, lastPage bool) bool { 9108 // pageNum++ 9109 // fmt.Println(page) 9110 // return pageNum <= 3 9111 // }) 9112 // 9113 func (c *Organizations) ListChildrenPages(input *ListChildrenInput, fn func(*ListChildrenOutput, bool) bool) error { 9114 return c.ListChildrenPagesWithContext(aws.BackgroundContext(), input, fn) 9115 } 9116 9117 // ListChildrenPagesWithContext same as ListChildrenPages except 9118 // it takes a Context and allows setting request options on the pages. 9119 // 9120 // The context must be non-nil and will be used for request cancellation. If 9121 // the context is nil a panic will occur. In the future the SDK may create 9122 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9123 // for more information on using Contexts. 9124 func (c *Organizations) ListChildrenPagesWithContext(ctx aws.Context, input *ListChildrenInput, fn func(*ListChildrenOutput, bool) bool, opts ...request.Option) error { 9125 p := request.Pagination{ 9126 NewRequest: func() (*request.Request, error) { 9127 var inCpy *ListChildrenInput 9128 if input != nil { 9129 tmp := *input 9130 inCpy = &tmp 9131 } 9132 req, _ := c.ListChildrenRequest(inCpy) 9133 req.SetContext(ctx) 9134 req.ApplyOptions(opts...) 9135 return req, nil 9136 }, 9137 } 9138 9139 for p.Next() { 9140 if !fn(p.Page().(*ListChildrenOutput), !p.HasNextPage()) { 9141 break 9142 } 9143 } 9144 9145 return p.Err() 9146 } 9147 9148 const opListCreateAccountStatus = "ListCreateAccountStatus" 9149 9150 // ListCreateAccountStatusRequest generates a "aws/request.Request" representing the 9151 // client's request for the ListCreateAccountStatus operation. The "output" return 9152 // value will be populated with the request's response once the request completes 9153 // successfully. 9154 // 9155 // Use "Send" method on the returned Request to send the API call to the service. 9156 // the "output" return value is not valid until after Send returns without error. 9157 // 9158 // See ListCreateAccountStatus for more information on using the ListCreateAccountStatus 9159 // API call, and error handling. 9160 // 9161 // This method is useful when you want to inject custom logic or configuration 9162 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 9163 // 9164 // 9165 // // Example sending a request using the ListCreateAccountStatusRequest method. 9166 // req, resp := client.ListCreateAccountStatusRequest(params) 9167 // 9168 // err := req.Send() 9169 // if err == nil { // resp is now filled 9170 // fmt.Println(resp) 9171 // } 9172 // 9173 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus 9174 func (c *Organizations) ListCreateAccountStatusRequest(input *ListCreateAccountStatusInput) (req *request.Request, output *ListCreateAccountStatusOutput) { 9175 op := &request.Operation{ 9176 Name: opListCreateAccountStatus, 9177 HTTPMethod: "POST", 9178 HTTPPath: "/", 9179 Paginator: &request.Paginator{ 9180 InputTokens: []string{"NextToken"}, 9181 OutputTokens: []string{"NextToken"}, 9182 LimitToken: "MaxResults", 9183 TruncationToken: "", 9184 }, 9185 } 9186 9187 if input == nil { 9188 input = &ListCreateAccountStatusInput{} 9189 } 9190 9191 output = &ListCreateAccountStatusOutput{} 9192 req = c.newRequest(op, input, output) 9193 return 9194 } 9195 9196 // ListCreateAccountStatus API operation for AWS Organizations. 9197 // 9198 // Lists the account creation requests that match the specified status that 9199 // is currently being tracked for the organization. 9200 // 9201 // Always check the NextToken response parameter for a null value when calling 9202 // a List* operation. These operations can occasionally return an empty set 9203 // of results even when there are more results available. The NextToken response 9204 // parameter value is null only when there are no more results to display. 9205 // 9206 // This operation can be called only from the organization's management account 9207 // or by a member account that is a delegated administrator for an AWS service. 9208 // 9209 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 9210 // with awserr.Error's Code and Message methods to get detailed information about 9211 // the error. 9212 // 9213 // See the AWS API reference guide for AWS Organizations's 9214 // API operation ListCreateAccountStatus for usage and error information. 9215 // 9216 // Returned Error Types: 9217 // * AccessDeniedException 9218 // You don't have permissions to perform the requested operation. The user or 9219 // role that is making the request must have at least one IAM permissions policy 9220 // attached that grants the required permissions. For more information, see 9221 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 9222 // in the IAM User Guide. 9223 // 9224 // * AWSOrganizationsNotInUseException 9225 // Your account isn't a member of an organization. To make this request, you 9226 // must use the credentials of an account that belongs to an organization. 9227 // 9228 // * InvalidInputException 9229 // The requested operation failed because you provided invalid values for one 9230 // or more of the request parameters. This exception includes a reason that 9231 // contains additional information about the violated limit: 9232 // 9233 // Some of the reasons in the following list might not be applicable to this 9234 // specific API or operation. 9235 // 9236 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 9237 // the same entity. 9238 // 9239 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 9240 // can't be modified. 9241 // 9242 // * INPUT_REQUIRED: You must include a value for all required parameters. 9243 // 9244 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 9245 // for the invited account owner. 9246 // 9247 // * INVALID_ENUM: You specified an invalid value. 9248 // 9249 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 9250 // 9251 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 9252 // characters. 9253 // 9254 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 9255 // at least one invalid value. 9256 // 9257 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 9258 // from the response to a previous call of the operation. 9259 // 9260 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 9261 // organization, or email) as a party. 9262 // 9263 // * INVALID_PATTERN: You provided a value that doesn't match the required 9264 // pattern. 9265 // 9266 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 9267 // match the required pattern. 9268 // 9269 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 9270 // name can't begin with the reserved prefix AWSServiceRoleFor. 9271 // 9272 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 9273 // Name (ARN) for the organization. 9274 // 9275 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 9276 // 9277 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 9278 // tag. You can’t add, edit, or delete system tag keys because they're 9279 // reserved for AWS use. System tags don’t count against your tags per 9280 // resource limit. 9281 // 9282 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 9283 // for the operation. 9284 // 9285 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 9286 // than allowed. 9287 // 9288 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 9289 // value than allowed. 9290 // 9291 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 9292 // than allowed. 9293 // 9294 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 9295 // value than allowed. 9296 // 9297 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 9298 // between entities in the same root. 9299 // 9300 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 9301 // target entity. 9302 // 9303 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 9304 // isn't recognized. 9305 // 9306 // * ServiceException 9307 // AWS Organizations can't complete your request because of an internal service 9308 // error. Try again later. 9309 // 9310 // * TooManyRequestsException 9311 // You have sent too many requests in too short a period of time. The quota 9312 // helps protect against denial-of-service attacks. Try again later. 9313 // 9314 // For information about quotas that affect AWS Organizations, see Quotas for 9315 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 9316 // the AWS Organizations User Guide. 9317 // 9318 // * UnsupportedAPIEndpointException 9319 // This action isn't available in the current AWS Region. 9320 // 9321 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus 9322 func (c *Organizations) ListCreateAccountStatus(input *ListCreateAccountStatusInput) (*ListCreateAccountStatusOutput, error) { 9323 req, out := c.ListCreateAccountStatusRequest(input) 9324 return out, req.Send() 9325 } 9326 9327 // ListCreateAccountStatusWithContext is the same as ListCreateAccountStatus with the addition of 9328 // the ability to pass a context and additional request options. 9329 // 9330 // See ListCreateAccountStatus for details on how to use this API operation. 9331 // 9332 // The context must be non-nil and will be used for request cancellation. If 9333 // the context is nil a panic will occur. In the future the SDK may create 9334 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9335 // for more information on using Contexts. 9336 func (c *Organizations) ListCreateAccountStatusWithContext(ctx aws.Context, input *ListCreateAccountStatusInput, opts ...request.Option) (*ListCreateAccountStatusOutput, error) { 9337 req, out := c.ListCreateAccountStatusRequest(input) 9338 req.SetContext(ctx) 9339 req.ApplyOptions(opts...) 9340 return out, req.Send() 9341 } 9342 9343 // ListCreateAccountStatusPages iterates over the pages of a ListCreateAccountStatus operation, 9344 // calling the "fn" function with the response data for each page. To stop 9345 // iterating, return false from the fn function. 9346 // 9347 // See ListCreateAccountStatus method for more information on how to use this operation. 9348 // 9349 // Note: This operation can generate multiple requests to a service. 9350 // 9351 // // Example iterating over at most 3 pages of a ListCreateAccountStatus operation. 9352 // pageNum := 0 9353 // err := client.ListCreateAccountStatusPages(params, 9354 // func(page *organizations.ListCreateAccountStatusOutput, lastPage bool) bool { 9355 // pageNum++ 9356 // fmt.Println(page) 9357 // return pageNum <= 3 9358 // }) 9359 // 9360 func (c *Organizations) ListCreateAccountStatusPages(input *ListCreateAccountStatusInput, fn func(*ListCreateAccountStatusOutput, bool) bool) error { 9361 return c.ListCreateAccountStatusPagesWithContext(aws.BackgroundContext(), input, fn) 9362 } 9363 9364 // ListCreateAccountStatusPagesWithContext same as ListCreateAccountStatusPages except 9365 // it takes a Context and allows setting request options on the pages. 9366 // 9367 // The context must be non-nil and will be used for request cancellation. If 9368 // the context is nil a panic will occur. In the future the SDK may create 9369 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9370 // for more information on using Contexts. 9371 func (c *Organizations) ListCreateAccountStatusPagesWithContext(ctx aws.Context, input *ListCreateAccountStatusInput, fn func(*ListCreateAccountStatusOutput, bool) bool, opts ...request.Option) error { 9372 p := request.Pagination{ 9373 NewRequest: func() (*request.Request, error) { 9374 var inCpy *ListCreateAccountStatusInput 9375 if input != nil { 9376 tmp := *input 9377 inCpy = &tmp 9378 } 9379 req, _ := c.ListCreateAccountStatusRequest(inCpy) 9380 req.SetContext(ctx) 9381 req.ApplyOptions(opts...) 9382 return req, nil 9383 }, 9384 } 9385 9386 for p.Next() { 9387 if !fn(p.Page().(*ListCreateAccountStatusOutput), !p.HasNextPage()) { 9388 break 9389 } 9390 } 9391 9392 return p.Err() 9393 } 9394 9395 const opListDelegatedAdministrators = "ListDelegatedAdministrators" 9396 9397 // ListDelegatedAdministratorsRequest generates a "aws/request.Request" representing the 9398 // client's request for the ListDelegatedAdministrators operation. The "output" return 9399 // value will be populated with the request's response once the request completes 9400 // successfully. 9401 // 9402 // Use "Send" method on the returned Request to send the API call to the service. 9403 // the "output" return value is not valid until after Send returns without error. 9404 // 9405 // See ListDelegatedAdministrators for more information on using the ListDelegatedAdministrators 9406 // API call, and error handling. 9407 // 9408 // This method is useful when you want to inject custom logic or configuration 9409 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 9410 // 9411 // 9412 // // Example sending a request using the ListDelegatedAdministratorsRequest method. 9413 // req, resp := client.ListDelegatedAdministratorsRequest(params) 9414 // 9415 // err := req.Send() 9416 // if err == nil { // resp is now filled 9417 // fmt.Println(resp) 9418 // } 9419 // 9420 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedAdministrators 9421 func (c *Organizations) ListDelegatedAdministratorsRequest(input *ListDelegatedAdministratorsInput) (req *request.Request, output *ListDelegatedAdministratorsOutput) { 9422 op := &request.Operation{ 9423 Name: opListDelegatedAdministrators, 9424 HTTPMethod: "POST", 9425 HTTPPath: "/", 9426 Paginator: &request.Paginator{ 9427 InputTokens: []string{"NextToken"}, 9428 OutputTokens: []string{"NextToken"}, 9429 LimitToken: "MaxResults", 9430 TruncationToken: "", 9431 }, 9432 } 9433 9434 if input == nil { 9435 input = &ListDelegatedAdministratorsInput{} 9436 } 9437 9438 output = &ListDelegatedAdministratorsOutput{} 9439 req = c.newRequest(op, input, output) 9440 return 9441 } 9442 9443 // ListDelegatedAdministrators API operation for AWS Organizations. 9444 // 9445 // Lists the AWS accounts that are designated as delegated administrators in 9446 // this organization. 9447 // 9448 // This operation can be called only from the organization's management account 9449 // or by a member account that is a delegated administrator for an AWS service. 9450 // 9451 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 9452 // with awserr.Error's Code and Message methods to get detailed information about 9453 // the error. 9454 // 9455 // See the AWS API reference guide for AWS Organizations's 9456 // API operation ListDelegatedAdministrators for usage and error information. 9457 // 9458 // Returned Error Types: 9459 // * AccessDeniedException 9460 // You don't have permissions to perform the requested operation. The user or 9461 // role that is making the request must have at least one IAM permissions policy 9462 // attached that grants the required permissions. For more information, see 9463 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 9464 // in the IAM User Guide. 9465 // 9466 // * AWSOrganizationsNotInUseException 9467 // Your account isn't a member of an organization. To make this request, you 9468 // must use the credentials of an account that belongs to an organization. 9469 // 9470 // * ConstraintViolationException 9471 // Performing this operation violates a minimum or maximum value limit. For 9472 // example, attempting to remove the last service control policy (SCP) from 9473 // an OU or root, inviting or creating too many accounts to the organization, 9474 // or attaching too many policies to an account, OU, or root. This exception 9475 // includes a reason that contains additional information about the violated 9476 // limit: 9477 // 9478 // Some of the reasons in the following list might not be applicable to this 9479 // specific API or operation. 9480 // 9481 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 9482 // account from the organization. You can't remove the management account. 9483 // Instead, after you remove all member accounts, delete the organization 9484 // itself. 9485 // 9486 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 9487 // from the organization that doesn't yet have enough information to exist 9488 // as a standalone account. This account requires you to first agree to the 9489 // AWS Customer Agreement. Follow the steps at Removing a member account 9490 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 9491 // the AWS Organizations User Guide. 9492 // 9493 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 9494 // an account from the organization that doesn't yet have enough information 9495 // to exist as a standalone account. This account requires you to first complete 9496 // phone verification. Follow the steps at Removing a member account from 9497 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 9498 // in the AWS Organizations User Guide. 9499 // 9500 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 9501 // of accounts that you can create in one day. 9502 // 9503 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 9504 // the number of accounts in an organization. If you need more accounts, 9505 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 9506 // request an increase in your limit. Or the number of invitations that you 9507 // tried to send would cause you to exceed the limit of accounts in your 9508 // organization. Send fewer invitations or contact AWS Support to request 9509 // an increase in the number of accounts. Deleted and closed accounts still 9510 // count toward your limit. If you get this exception when running a command 9511 // immediately after creating the organization, wait one hour and try again. 9512 // After an hour, if the command continues to fail with this error, contact 9513 // AWS Support (https://console.aws.amazon.com/support/home#/). 9514 // 9515 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 9516 // register the management account of the organization as a delegated administrator 9517 // for an AWS service integrated with Organizations. You can designate only 9518 // a member account as a delegated administrator. 9519 // 9520 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 9521 // an account that is registered as a delegated administrator for a service 9522 // integrated with your organization. To complete this operation, you must 9523 // first deregister this account as a delegated administrator. 9524 // 9525 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 9526 // organization in the specified region, you must enable all features mode. 9527 // 9528 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 9529 // an AWS account as a delegated administrator for an AWS service that already 9530 // has a delegated administrator. To complete this operation, you must first 9531 // deregister any existing delegated administrators for this service. 9532 // 9533 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 9534 // valid for a limited period of time. You must resubmit the request and 9535 // generate a new verfication code. 9536 // 9537 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 9538 // handshakes that you can send in one day. 9539 // 9540 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 9541 // in this organization, you first must migrate the organization's management 9542 // account to the marketplace that corresponds to the management account's 9543 // address. For example, accounts with India addresses must be associated 9544 // with the AISPL marketplace. All accounts in an organization must be associated 9545 // with the same marketplace. 9546 // 9547 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 9548 // in China. To create an organization, the master must have a valid business 9549 // license. For more information, contact customer support. 9550 // 9551 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 9552 // must first provide a valid contact address and phone number for the management 9553 // account. Then try the operation again. 9554 // 9555 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 9556 // management account must have an associated account in the AWS GovCloud 9557 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 9558 // in the AWS GovCloud User Guide. 9559 // 9560 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 9561 // with this management account, you first must associate a valid payment 9562 // instrument, such as a credit card, with the account. Follow the steps 9563 // at To leave an organization when all required account information has 9564 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 9565 // in the AWS Organizations User Guide. 9566 // 9567 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 9568 // to register more delegated administrators than allowed for the service 9569 // principal. 9570 // 9571 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 9572 // number of policies of a certain type that can be attached to an entity 9573 // at one time. 9574 // 9575 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 9576 // on this resource. 9577 // 9578 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 9579 // with this member account, you first must associate a valid payment instrument, 9580 // such as a credit card, with the account. Follow the steps at To leave 9581 // an organization when all required account information has not yet been 9582 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 9583 // in the AWS Organizations User Guide. 9584 // 9585 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 9586 // policy from an entity that would cause the entity to have fewer than the 9587 // minimum number of policies of a certain type required. 9588 // 9589 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 9590 // that requires the organization to be configured to support all features. 9591 // An organization that supports only consolidated billing features can't 9592 // perform this operation. 9593 // 9594 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 9595 // too many levels deep. 9596 // 9597 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 9598 // that you can have in an organization. 9599 // 9600 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 9601 // is larger than the maximum size. 9602 // 9603 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 9604 // policies that you can have in an organization. 9605 // 9606 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 9607 // tags that are not compliant with the tag policy requirements for this 9608 // account. 9609 // 9610 // * InvalidInputException 9611 // The requested operation failed because you provided invalid values for one 9612 // or more of the request parameters. This exception includes a reason that 9613 // contains additional information about the violated limit: 9614 // 9615 // Some of the reasons in the following list might not be applicable to this 9616 // specific API or operation. 9617 // 9618 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 9619 // the same entity. 9620 // 9621 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 9622 // can't be modified. 9623 // 9624 // * INPUT_REQUIRED: You must include a value for all required parameters. 9625 // 9626 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 9627 // for the invited account owner. 9628 // 9629 // * INVALID_ENUM: You specified an invalid value. 9630 // 9631 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 9632 // 9633 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 9634 // characters. 9635 // 9636 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 9637 // at least one invalid value. 9638 // 9639 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 9640 // from the response to a previous call of the operation. 9641 // 9642 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 9643 // organization, or email) as a party. 9644 // 9645 // * INVALID_PATTERN: You provided a value that doesn't match the required 9646 // pattern. 9647 // 9648 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 9649 // match the required pattern. 9650 // 9651 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 9652 // name can't begin with the reserved prefix AWSServiceRoleFor. 9653 // 9654 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 9655 // Name (ARN) for the organization. 9656 // 9657 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 9658 // 9659 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 9660 // tag. You can’t add, edit, or delete system tag keys because they're 9661 // reserved for AWS use. System tags don’t count against your tags per 9662 // resource limit. 9663 // 9664 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 9665 // for the operation. 9666 // 9667 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 9668 // than allowed. 9669 // 9670 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 9671 // value than allowed. 9672 // 9673 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 9674 // than allowed. 9675 // 9676 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 9677 // value than allowed. 9678 // 9679 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 9680 // between entities in the same root. 9681 // 9682 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 9683 // target entity. 9684 // 9685 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 9686 // isn't recognized. 9687 // 9688 // * TooManyRequestsException 9689 // You have sent too many requests in too short a period of time. The quota 9690 // helps protect against denial-of-service attacks. Try again later. 9691 // 9692 // For information about quotas that affect AWS Organizations, see Quotas for 9693 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 9694 // the AWS Organizations User Guide. 9695 // 9696 // * ServiceException 9697 // AWS Organizations can't complete your request because of an internal service 9698 // error. Try again later. 9699 // 9700 // * UnsupportedAPIEndpointException 9701 // This action isn't available in the current AWS Region. 9702 // 9703 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedAdministrators 9704 func (c *Organizations) ListDelegatedAdministrators(input *ListDelegatedAdministratorsInput) (*ListDelegatedAdministratorsOutput, error) { 9705 req, out := c.ListDelegatedAdministratorsRequest(input) 9706 return out, req.Send() 9707 } 9708 9709 // ListDelegatedAdministratorsWithContext is the same as ListDelegatedAdministrators with the addition of 9710 // the ability to pass a context and additional request options. 9711 // 9712 // See ListDelegatedAdministrators for details on how to use this API operation. 9713 // 9714 // The context must be non-nil and will be used for request cancellation. If 9715 // the context is nil a panic will occur. In the future the SDK may create 9716 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9717 // for more information on using Contexts. 9718 func (c *Organizations) ListDelegatedAdministratorsWithContext(ctx aws.Context, input *ListDelegatedAdministratorsInput, opts ...request.Option) (*ListDelegatedAdministratorsOutput, error) { 9719 req, out := c.ListDelegatedAdministratorsRequest(input) 9720 req.SetContext(ctx) 9721 req.ApplyOptions(opts...) 9722 return out, req.Send() 9723 } 9724 9725 // ListDelegatedAdministratorsPages iterates over the pages of a ListDelegatedAdministrators operation, 9726 // calling the "fn" function with the response data for each page. To stop 9727 // iterating, return false from the fn function. 9728 // 9729 // See ListDelegatedAdministrators method for more information on how to use this operation. 9730 // 9731 // Note: This operation can generate multiple requests to a service. 9732 // 9733 // // Example iterating over at most 3 pages of a ListDelegatedAdministrators operation. 9734 // pageNum := 0 9735 // err := client.ListDelegatedAdministratorsPages(params, 9736 // func(page *organizations.ListDelegatedAdministratorsOutput, lastPage bool) bool { 9737 // pageNum++ 9738 // fmt.Println(page) 9739 // return pageNum <= 3 9740 // }) 9741 // 9742 func (c *Organizations) ListDelegatedAdministratorsPages(input *ListDelegatedAdministratorsInput, fn func(*ListDelegatedAdministratorsOutput, bool) bool) error { 9743 return c.ListDelegatedAdministratorsPagesWithContext(aws.BackgroundContext(), input, fn) 9744 } 9745 9746 // ListDelegatedAdministratorsPagesWithContext same as ListDelegatedAdministratorsPages except 9747 // it takes a Context and allows setting request options on the pages. 9748 // 9749 // The context must be non-nil and will be used for request cancellation. If 9750 // the context is nil a panic will occur. In the future the SDK may create 9751 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 9752 // for more information on using Contexts. 9753 func (c *Organizations) ListDelegatedAdministratorsPagesWithContext(ctx aws.Context, input *ListDelegatedAdministratorsInput, fn func(*ListDelegatedAdministratorsOutput, bool) bool, opts ...request.Option) error { 9754 p := request.Pagination{ 9755 NewRequest: func() (*request.Request, error) { 9756 var inCpy *ListDelegatedAdministratorsInput 9757 if input != nil { 9758 tmp := *input 9759 inCpy = &tmp 9760 } 9761 req, _ := c.ListDelegatedAdministratorsRequest(inCpy) 9762 req.SetContext(ctx) 9763 req.ApplyOptions(opts...) 9764 return req, nil 9765 }, 9766 } 9767 9768 for p.Next() { 9769 if !fn(p.Page().(*ListDelegatedAdministratorsOutput), !p.HasNextPage()) { 9770 break 9771 } 9772 } 9773 9774 return p.Err() 9775 } 9776 9777 const opListDelegatedServicesForAccount = "ListDelegatedServicesForAccount" 9778 9779 // ListDelegatedServicesForAccountRequest generates a "aws/request.Request" representing the 9780 // client's request for the ListDelegatedServicesForAccount operation. The "output" return 9781 // value will be populated with the request's response once the request completes 9782 // successfully. 9783 // 9784 // Use "Send" method on the returned Request to send the API call to the service. 9785 // the "output" return value is not valid until after Send returns without error. 9786 // 9787 // See ListDelegatedServicesForAccount for more information on using the ListDelegatedServicesForAccount 9788 // API call, and error handling. 9789 // 9790 // This method is useful when you want to inject custom logic or configuration 9791 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 9792 // 9793 // 9794 // // Example sending a request using the ListDelegatedServicesForAccountRequest method. 9795 // req, resp := client.ListDelegatedServicesForAccountRequest(params) 9796 // 9797 // err := req.Send() 9798 // if err == nil { // resp is now filled 9799 // fmt.Println(resp) 9800 // } 9801 // 9802 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedServicesForAccount 9803 func (c *Organizations) ListDelegatedServicesForAccountRequest(input *ListDelegatedServicesForAccountInput) (req *request.Request, output *ListDelegatedServicesForAccountOutput) { 9804 op := &request.Operation{ 9805 Name: opListDelegatedServicesForAccount, 9806 HTTPMethod: "POST", 9807 HTTPPath: "/", 9808 Paginator: &request.Paginator{ 9809 InputTokens: []string{"NextToken"}, 9810 OutputTokens: []string{"NextToken"}, 9811 LimitToken: "MaxResults", 9812 TruncationToken: "", 9813 }, 9814 } 9815 9816 if input == nil { 9817 input = &ListDelegatedServicesForAccountInput{} 9818 } 9819 9820 output = &ListDelegatedServicesForAccountOutput{} 9821 req = c.newRequest(op, input, output) 9822 return 9823 } 9824 9825 // ListDelegatedServicesForAccount API operation for AWS Organizations. 9826 // 9827 // List the AWS services for which the specified account is a delegated administrator. 9828 // 9829 // This operation can be called only from the organization's management account 9830 // or by a member account that is a delegated administrator for an AWS service. 9831 // 9832 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 9833 // with awserr.Error's Code and Message methods to get detailed information about 9834 // the error. 9835 // 9836 // See the AWS API reference guide for AWS Organizations's 9837 // API operation ListDelegatedServicesForAccount for usage and error information. 9838 // 9839 // Returned Error Types: 9840 // * AccessDeniedException 9841 // You don't have permissions to perform the requested operation. The user or 9842 // role that is making the request must have at least one IAM permissions policy 9843 // attached that grants the required permissions. For more information, see 9844 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 9845 // in the IAM User Guide. 9846 // 9847 // * AccountNotFoundException 9848 // We can't find an AWS account with the AccountId that you specified, or the 9849 // account whose credentials you used to make this request isn't a member of 9850 // an organization. 9851 // 9852 // * AccountNotRegisteredException 9853 // The specified account is not a delegated administrator for this AWS service. 9854 // 9855 // * AWSOrganizationsNotInUseException 9856 // Your account isn't a member of an organization. To make this request, you 9857 // must use the credentials of an account that belongs to an organization. 9858 // 9859 // * ConstraintViolationException 9860 // Performing this operation violates a minimum or maximum value limit. For 9861 // example, attempting to remove the last service control policy (SCP) from 9862 // an OU or root, inviting or creating too many accounts to the organization, 9863 // or attaching too many policies to an account, OU, or root. This exception 9864 // includes a reason that contains additional information about the violated 9865 // limit: 9866 // 9867 // Some of the reasons in the following list might not be applicable to this 9868 // specific API or operation. 9869 // 9870 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 9871 // account from the organization. You can't remove the management account. 9872 // Instead, after you remove all member accounts, delete the organization 9873 // itself. 9874 // 9875 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 9876 // from the organization that doesn't yet have enough information to exist 9877 // as a standalone account. This account requires you to first agree to the 9878 // AWS Customer Agreement. Follow the steps at Removing a member account 9879 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 9880 // the AWS Organizations User Guide. 9881 // 9882 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 9883 // an account from the organization that doesn't yet have enough information 9884 // to exist as a standalone account. This account requires you to first complete 9885 // phone verification. Follow the steps at Removing a member account from 9886 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 9887 // in the AWS Organizations User Guide. 9888 // 9889 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 9890 // of accounts that you can create in one day. 9891 // 9892 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 9893 // the number of accounts in an organization. If you need more accounts, 9894 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 9895 // request an increase in your limit. Or the number of invitations that you 9896 // tried to send would cause you to exceed the limit of accounts in your 9897 // organization. Send fewer invitations or contact AWS Support to request 9898 // an increase in the number of accounts. Deleted and closed accounts still 9899 // count toward your limit. If you get this exception when running a command 9900 // immediately after creating the organization, wait one hour and try again. 9901 // After an hour, if the command continues to fail with this error, contact 9902 // AWS Support (https://console.aws.amazon.com/support/home#/). 9903 // 9904 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 9905 // register the management account of the organization as a delegated administrator 9906 // for an AWS service integrated with Organizations. You can designate only 9907 // a member account as a delegated administrator. 9908 // 9909 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 9910 // an account that is registered as a delegated administrator for a service 9911 // integrated with your organization. To complete this operation, you must 9912 // first deregister this account as a delegated administrator. 9913 // 9914 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 9915 // organization in the specified region, you must enable all features mode. 9916 // 9917 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 9918 // an AWS account as a delegated administrator for an AWS service that already 9919 // has a delegated administrator. To complete this operation, you must first 9920 // deregister any existing delegated administrators for this service. 9921 // 9922 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 9923 // valid for a limited period of time. You must resubmit the request and 9924 // generate a new verfication code. 9925 // 9926 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 9927 // handshakes that you can send in one day. 9928 // 9929 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 9930 // in this organization, you first must migrate the organization's management 9931 // account to the marketplace that corresponds to the management account's 9932 // address. For example, accounts with India addresses must be associated 9933 // with the AISPL marketplace. All accounts in an organization must be associated 9934 // with the same marketplace. 9935 // 9936 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 9937 // in China. To create an organization, the master must have a valid business 9938 // license. For more information, contact customer support. 9939 // 9940 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 9941 // must first provide a valid contact address and phone number for the management 9942 // account. Then try the operation again. 9943 // 9944 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 9945 // management account must have an associated account in the AWS GovCloud 9946 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 9947 // in the AWS GovCloud User Guide. 9948 // 9949 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 9950 // with this management account, you first must associate a valid payment 9951 // instrument, such as a credit card, with the account. Follow the steps 9952 // at To leave an organization when all required account information has 9953 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 9954 // in the AWS Organizations User Guide. 9955 // 9956 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 9957 // to register more delegated administrators than allowed for the service 9958 // principal. 9959 // 9960 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 9961 // number of policies of a certain type that can be attached to an entity 9962 // at one time. 9963 // 9964 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 9965 // on this resource. 9966 // 9967 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 9968 // with this member account, you first must associate a valid payment instrument, 9969 // such as a credit card, with the account. Follow the steps at To leave 9970 // an organization when all required account information has not yet been 9971 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 9972 // in the AWS Organizations User Guide. 9973 // 9974 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 9975 // policy from an entity that would cause the entity to have fewer than the 9976 // minimum number of policies of a certain type required. 9977 // 9978 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 9979 // that requires the organization to be configured to support all features. 9980 // An organization that supports only consolidated billing features can't 9981 // perform this operation. 9982 // 9983 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 9984 // too many levels deep. 9985 // 9986 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 9987 // that you can have in an organization. 9988 // 9989 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 9990 // is larger than the maximum size. 9991 // 9992 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 9993 // policies that you can have in an organization. 9994 // 9995 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 9996 // tags that are not compliant with the tag policy requirements for this 9997 // account. 9998 // 9999 // * InvalidInputException 10000 // The requested operation failed because you provided invalid values for one 10001 // or more of the request parameters. This exception includes a reason that 10002 // contains additional information about the violated limit: 10003 // 10004 // Some of the reasons in the following list might not be applicable to this 10005 // specific API or operation. 10006 // 10007 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 10008 // the same entity. 10009 // 10010 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 10011 // can't be modified. 10012 // 10013 // * INPUT_REQUIRED: You must include a value for all required parameters. 10014 // 10015 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 10016 // for the invited account owner. 10017 // 10018 // * INVALID_ENUM: You specified an invalid value. 10019 // 10020 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 10021 // 10022 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 10023 // characters. 10024 // 10025 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 10026 // at least one invalid value. 10027 // 10028 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 10029 // from the response to a previous call of the operation. 10030 // 10031 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 10032 // organization, or email) as a party. 10033 // 10034 // * INVALID_PATTERN: You provided a value that doesn't match the required 10035 // pattern. 10036 // 10037 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 10038 // match the required pattern. 10039 // 10040 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 10041 // name can't begin with the reserved prefix AWSServiceRoleFor. 10042 // 10043 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 10044 // Name (ARN) for the organization. 10045 // 10046 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 10047 // 10048 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 10049 // tag. You can’t add, edit, or delete system tag keys because they're 10050 // reserved for AWS use. System tags don’t count against your tags per 10051 // resource limit. 10052 // 10053 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 10054 // for the operation. 10055 // 10056 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 10057 // than allowed. 10058 // 10059 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 10060 // value than allowed. 10061 // 10062 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 10063 // than allowed. 10064 // 10065 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 10066 // value than allowed. 10067 // 10068 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 10069 // between entities in the same root. 10070 // 10071 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 10072 // target entity. 10073 // 10074 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 10075 // isn't recognized. 10076 // 10077 // * TooManyRequestsException 10078 // You have sent too many requests in too short a period of time. The quota 10079 // helps protect against denial-of-service attacks. Try again later. 10080 // 10081 // For information about quotas that affect AWS Organizations, see Quotas for 10082 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 10083 // the AWS Organizations User Guide. 10084 // 10085 // * ServiceException 10086 // AWS Organizations can't complete your request because of an internal service 10087 // error. Try again later. 10088 // 10089 // * UnsupportedAPIEndpointException 10090 // This action isn't available in the current AWS Region. 10091 // 10092 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedServicesForAccount 10093 func (c *Organizations) ListDelegatedServicesForAccount(input *ListDelegatedServicesForAccountInput) (*ListDelegatedServicesForAccountOutput, error) { 10094 req, out := c.ListDelegatedServicesForAccountRequest(input) 10095 return out, req.Send() 10096 } 10097 10098 // ListDelegatedServicesForAccountWithContext is the same as ListDelegatedServicesForAccount with the addition of 10099 // the ability to pass a context and additional request options. 10100 // 10101 // See ListDelegatedServicesForAccount for details on how to use this API operation. 10102 // 10103 // The context must be non-nil and will be used for request cancellation. If 10104 // the context is nil a panic will occur. In the future the SDK may create 10105 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10106 // for more information on using Contexts. 10107 func (c *Organizations) ListDelegatedServicesForAccountWithContext(ctx aws.Context, input *ListDelegatedServicesForAccountInput, opts ...request.Option) (*ListDelegatedServicesForAccountOutput, error) { 10108 req, out := c.ListDelegatedServicesForAccountRequest(input) 10109 req.SetContext(ctx) 10110 req.ApplyOptions(opts...) 10111 return out, req.Send() 10112 } 10113 10114 // ListDelegatedServicesForAccountPages iterates over the pages of a ListDelegatedServicesForAccount operation, 10115 // calling the "fn" function with the response data for each page. To stop 10116 // iterating, return false from the fn function. 10117 // 10118 // See ListDelegatedServicesForAccount method for more information on how to use this operation. 10119 // 10120 // Note: This operation can generate multiple requests to a service. 10121 // 10122 // // Example iterating over at most 3 pages of a ListDelegatedServicesForAccount operation. 10123 // pageNum := 0 10124 // err := client.ListDelegatedServicesForAccountPages(params, 10125 // func(page *organizations.ListDelegatedServicesForAccountOutput, lastPage bool) bool { 10126 // pageNum++ 10127 // fmt.Println(page) 10128 // return pageNum <= 3 10129 // }) 10130 // 10131 func (c *Organizations) ListDelegatedServicesForAccountPages(input *ListDelegatedServicesForAccountInput, fn func(*ListDelegatedServicesForAccountOutput, bool) bool) error { 10132 return c.ListDelegatedServicesForAccountPagesWithContext(aws.BackgroundContext(), input, fn) 10133 } 10134 10135 // ListDelegatedServicesForAccountPagesWithContext same as ListDelegatedServicesForAccountPages except 10136 // it takes a Context and allows setting request options on the pages. 10137 // 10138 // The context must be non-nil and will be used for request cancellation. If 10139 // the context is nil a panic will occur. In the future the SDK may create 10140 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10141 // for more information on using Contexts. 10142 func (c *Organizations) ListDelegatedServicesForAccountPagesWithContext(ctx aws.Context, input *ListDelegatedServicesForAccountInput, fn func(*ListDelegatedServicesForAccountOutput, bool) bool, opts ...request.Option) error { 10143 p := request.Pagination{ 10144 NewRequest: func() (*request.Request, error) { 10145 var inCpy *ListDelegatedServicesForAccountInput 10146 if input != nil { 10147 tmp := *input 10148 inCpy = &tmp 10149 } 10150 req, _ := c.ListDelegatedServicesForAccountRequest(inCpy) 10151 req.SetContext(ctx) 10152 req.ApplyOptions(opts...) 10153 return req, nil 10154 }, 10155 } 10156 10157 for p.Next() { 10158 if !fn(p.Page().(*ListDelegatedServicesForAccountOutput), !p.HasNextPage()) { 10159 break 10160 } 10161 } 10162 10163 return p.Err() 10164 } 10165 10166 const opListHandshakesForAccount = "ListHandshakesForAccount" 10167 10168 // ListHandshakesForAccountRequest generates a "aws/request.Request" representing the 10169 // client's request for the ListHandshakesForAccount operation. The "output" return 10170 // value will be populated with the request's response once the request completes 10171 // successfully. 10172 // 10173 // Use "Send" method on the returned Request to send the API call to the service. 10174 // the "output" return value is not valid until after Send returns without error. 10175 // 10176 // See ListHandshakesForAccount for more information on using the ListHandshakesForAccount 10177 // API call, and error handling. 10178 // 10179 // This method is useful when you want to inject custom logic or configuration 10180 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 10181 // 10182 // 10183 // // Example sending a request using the ListHandshakesForAccountRequest method. 10184 // req, resp := client.ListHandshakesForAccountRequest(params) 10185 // 10186 // err := req.Send() 10187 // if err == nil { // resp is now filled 10188 // fmt.Println(resp) 10189 // } 10190 // 10191 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount 10192 func (c *Organizations) ListHandshakesForAccountRequest(input *ListHandshakesForAccountInput) (req *request.Request, output *ListHandshakesForAccountOutput) { 10193 op := &request.Operation{ 10194 Name: opListHandshakesForAccount, 10195 HTTPMethod: "POST", 10196 HTTPPath: "/", 10197 Paginator: &request.Paginator{ 10198 InputTokens: []string{"NextToken"}, 10199 OutputTokens: []string{"NextToken"}, 10200 LimitToken: "MaxResults", 10201 TruncationToken: "", 10202 }, 10203 } 10204 10205 if input == nil { 10206 input = &ListHandshakesForAccountInput{} 10207 } 10208 10209 output = &ListHandshakesForAccountOutput{} 10210 req = c.newRequest(op, input, output) 10211 return 10212 } 10213 10214 // ListHandshakesForAccount API operation for AWS Organizations. 10215 // 10216 // Lists the current handshakes that are associated with the account of the 10217 // requesting user. 10218 // 10219 // Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results 10220 // of this API for only 30 days after changing to that state. After that, they're 10221 // deleted and no longer accessible. 10222 // 10223 // Always check the NextToken response parameter for a null value when calling 10224 // a List* operation. These operations can occasionally return an empty set 10225 // of results even when there are more results available. The NextToken response 10226 // parameter value is null only when there are no more results to display. 10227 // 10228 // This operation can be called from any account in the organization. 10229 // 10230 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 10231 // with awserr.Error's Code and Message methods to get detailed information about 10232 // the error. 10233 // 10234 // See the AWS API reference guide for AWS Organizations's 10235 // API operation ListHandshakesForAccount for usage and error information. 10236 // 10237 // Returned Error Types: 10238 // * AccessDeniedException 10239 // You don't have permissions to perform the requested operation. The user or 10240 // role that is making the request must have at least one IAM permissions policy 10241 // attached that grants the required permissions. For more information, see 10242 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 10243 // in the IAM User Guide. 10244 // 10245 // * ConcurrentModificationException 10246 // The target of the operation is currently being modified by a different request. 10247 // Try again later. 10248 // 10249 // * InvalidInputException 10250 // The requested operation failed because you provided invalid values for one 10251 // or more of the request parameters. This exception includes a reason that 10252 // contains additional information about the violated limit: 10253 // 10254 // Some of the reasons in the following list might not be applicable to this 10255 // specific API or operation. 10256 // 10257 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 10258 // the same entity. 10259 // 10260 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 10261 // can't be modified. 10262 // 10263 // * INPUT_REQUIRED: You must include a value for all required parameters. 10264 // 10265 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 10266 // for the invited account owner. 10267 // 10268 // * INVALID_ENUM: You specified an invalid value. 10269 // 10270 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 10271 // 10272 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 10273 // characters. 10274 // 10275 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 10276 // at least one invalid value. 10277 // 10278 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 10279 // from the response to a previous call of the operation. 10280 // 10281 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 10282 // organization, or email) as a party. 10283 // 10284 // * INVALID_PATTERN: You provided a value that doesn't match the required 10285 // pattern. 10286 // 10287 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 10288 // match the required pattern. 10289 // 10290 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 10291 // name can't begin with the reserved prefix AWSServiceRoleFor. 10292 // 10293 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 10294 // Name (ARN) for the organization. 10295 // 10296 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 10297 // 10298 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 10299 // tag. You can’t add, edit, or delete system tag keys because they're 10300 // reserved for AWS use. System tags don’t count against your tags per 10301 // resource limit. 10302 // 10303 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 10304 // for the operation. 10305 // 10306 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 10307 // than allowed. 10308 // 10309 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 10310 // value than allowed. 10311 // 10312 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 10313 // than allowed. 10314 // 10315 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 10316 // value than allowed. 10317 // 10318 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 10319 // between entities in the same root. 10320 // 10321 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 10322 // target entity. 10323 // 10324 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 10325 // isn't recognized. 10326 // 10327 // * ServiceException 10328 // AWS Organizations can't complete your request because of an internal service 10329 // error. Try again later. 10330 // 10331 // * TooManyRequestsException 10332 // You have sent too many requests in too short a period of time. The quota 10333 // helps protect against denial-of-service attacks. Try again later. 10334 // 10335 // For information about quotas that affect AWS Organizations, see Quotas for 10336 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 10337 // the AWS Organizations User Guide. 10338 // 10339 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount 10340 func (c *Organizations) ListHandshakesForAccount(input *ListHandshakesForAccountInput) (*ListHandshakesForAccountOutput, error) { 10341 req, out := c.ListHandshakesForAccountRequest(input) 10342 return out, req.Send() 10343 } 10344 10345 // ListHandshakesForAccountWithContext is the same as ListHandshakesForAccount with the addition of 10346 // the ability to pass a context and additional request options. 10347 // 10348 // See ListHandshakesForAccount for details on how to use this API operation. 10349 // 10350 // The context must be non-nil and will be used for request cancellation. If 10351 // the context is nil a panic will occur. In the future the SDK may create 10352 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10353 // for more information on using Contexts. 10354 func (c *Organizations) ListHandshakesForAccountWithContext(ctx aws.Context, input *ListHandshakesForAccountInput, opts ...request.Option) (*ListHandshakesForAccountOutput, error) { 10355 req, out := c.ListHandshakesForAccountRequest(input) 10356 req.SetContext(ctx) 10357 req.ApplyOptions(opts...) 10358 return out, req.Send() 10359 } 10360 10361 // ListHandshakesForAccountPages iterates over the pages of a ListHandshakesForAccount operation, 10362 // calling the "fn" function with the response data for each page. To stop 10363 // iterating, return false from the fn function. 10364 // 10365 // See ListHandshakesForAccount method for more information on how to use this operation. 10366 // 10367 // Note: This operation can generate multiple requests to a service. 10368 // 10369 // // Example iterating over at most 3 pages of a ListHandshakesForAccount operation. 10370 // pageNum := 0 10371 // err := client.ListHandshakesForAccountPages(params, 10372 // func(page *organizations.ListHandshakesForAccountOutput, lastPage bool) bool { 10373 // pageNum++ 10374 // fmt.Println(page) 10375 // return pageNum <= 3 10376 // }) 10377 // 10378 func (c *Organizations) ListHandshakesForAccountPages(input *ListHandshakesForAccountInput, fn func(*ListHandshakesForAccountOutput, bool) bool) error { 10379 return c.ListHandshakesForAccountPagesWithContext(aws.BackgroundContext(), input, fn) 10380 } 10381 10382 // ListHandshakesForAccountPagesWithContext same as ListHandshakesForAccountPages except 10383 // it takes a Context and allows setting request options on the pages. 10384 // 10385 // The context must be non-nil and will be used for request cancellation. If 10386 // the context is nil a panic will occur. In the future the SDK may create 10387 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10388 // for more information on using Contexts. 10389 func (c *Organizations) ListHandshakesForAccountPagesWithContext(ctx aws.Context, input *ListHandshakesForAccountInput, fn func(*ListHandshakesForAccountOutput, bool) bool, opts ...request.Option) error { 10390 p := request.Pagination{ 10391 NewRequest: func() (*request.Request, error) { 10392 var inCpy *ListHandshakesForAccountInput 10393 if input != nil { 10394 tmp := *input 10395 inCpy = &tmp 10396 } 10397 req, _ := c.ListHandshakesForAccountRequest(inCpy) 10398 req.SetContext(ctx) 10399 req.ApplyOptions(opts...) 10400 return req, nil 10401 }, 10402 } 10403 10404 for p.Next() { 10405 if !fn(p.Page().(*ListHandshakesForAccountOutput), !p.HasNextPage()) { 10406 break 10407 } 10408 } 10409 10410 return p.Err() 10411 } 10412 10413 const opListHandshakesForOrganization = "ListHandshakesForOrganization" 10414 10415 // ListHandshakesForOrganizationRequest generates a "aws/request.Request" representing the 10416 // client's request for the ListHandshakesForOrganization operation. The "output" return 10417 // value will be populated with the request's response once the request completes 10418 // successfully. 10419 // 10420 // Use "Send" method on the returned Request to send the API call to the service. 10421 // the "output" return value is not valid until after Send returns without error. 10422 // 10423 // See ListHandshakesForOrganization for more information on using the ListHandshakesForOrganization 10424 // API call, and error handling. 10425 // 10426 // This method is useful when you want to inject custom logic or configuration 10427 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 10428 // 10429 // 10430 // // Example sending a request using the ListHandshakesForOrganizationRequest method. 10431 // req, resp := client.ListHandshakesForOrganizationRequest(params) 10432 // 10433 // err := req.Send() 10434 // if err == nil { // resp is now filled 10435 // fmt.Println(resp) 10436 // } 10437 // 10438 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization 10439 func (c *Organizations) ListHandshakesForOrganizationRequest(input *ListHandshakesForOrganizationInput) (req *request.Request, output *ListHandshakesForOrganizationOutput) { 10440 op := &request.Operation{ 10441 Name: opListHandshakesForOrganization, 10442 HTTPMethod: "POST", 10443 HTTPPath: "/", 10444 Paginator: &request.Paginator{ 10445 InputTokens: []string{"NextToken"}, 10446 OutputTokens: []string{"NextToken"}, 10447 LimitToken: "MaxResults", 10448 TruncationToken: "", 10449 }, 10450 } 10451 10452 if input == nil { 10453 input = &ListHandshakesForOrganizationInput{} 10454 } 10455 10456 output = &ListHandshakesForOrganizationOutput{} 10457 req = c.newRequest(op, input, output) 10458 return 10459 } 10460 10461 // ListHandshakesForOrganization API operation for AWS Organizations. 10462 // 10463 // Lists the handshakes that are associated with the organization that the requesting 10464 // user is part of. The ListHandshakesForOrganization operation returns a list 10465 // of handshake structures. Each structure contains details and status about 10466 // a handshake. 10467 // 10468 // Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results 10469 // of this API for only 30 days after changing to that state. After that, they're 10470 // deleted and no longer accessible. 10471 // 10472 // Always check the NextToken response parameter for a null value when calling 10473 // a List* operation. These operations can occasionally return an empty set 10474 // of results even when there are more results available. The NextToken response 10475 // parameter value is null only when there are no more results to display. 10476 // 10477 // This operation can be called only from the organization's management account 10478 // or by a member account that is a delegated administrator for an AWS service. 10479 // 10480 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 10481 // with awserr.Error's Code and Message methods to get detailed information about 10482 // the error. 10483 // 10484 // See the AWS API reference guide for AWS Organizations's 10485 // API operation ListHandshakesForOrganization for usage and error information. 10486 // 10487 // Returned Error Types: 10488 // * AccessDeniedException 10489 // You don't have permissions to perform the requested operation. The user or 10490 // role that is making the request must have at least one IAM permissions policy 10491 // attached that grants the required permissions. For more information, see 10492 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 10493 // in the IAM User Guide. 10494 // 10495 // * AWSOrganizationsNotInUseException 10496 // Your account isn't a member of an organization. To make this request, you 10497 // must use the credentials of an account that belongs to an organization. 10498 // 10499 // * ConcurrentModificationException 10500 // The target of the operation is currently being modified by a different request. 10501 // Try again later. 10502 // 10503 // * InvalidInputException 10504 // The requested operation failed because you provided invalid values for one 10505 // or more of the request parameters. This exception includes a reason that 10506 // contains additional information about the violated limit: 10507 // 10508 // Some of the reasons in the following list might not be applicable to this 10509 // specific API or operation. 10510 // 10511 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 10512 // the same entity. 10513 // 10514 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 10515 // can't be modified. 10516 // 10517 // * INPUT_REQUIRED: You must include a value for all required parameters. 10518 // 10519 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 10520 // for the invited account owner. 10521 // 10522 // * INVALID_ENUM: You specified an invalid value. 10523 // 10524 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 10525 // 10526 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 10527 // characters. 10528 // 10529 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 10530 // at least one invalid value. 10531 // 10532 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 10533 // from the response to a previous call of the operation. 10534 // 10535 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 10536 // organization, or email) as a party. 10537 // 10538 // * INVALID_PATTERN: You provided a value that doesn't match the required 10539 // pattern. 10540 // 10541 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 10542 // match the required pattern. 10543 // 10544 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 10545 // name can't begin with the reserved prefix AWSServiceRoleFor. 10546 // 10547 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 10548 // Name (ARN) for the organization. 10549 // 10550 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 10551 // 10552 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 10553 // tag. You can’t add, edit, or delete system tag keys because they're 10554 // reserved for AWS use. System tags don’t count against your tags per 10555 // resource limit. 10556 // 10557 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 10558 // for the operation. 10559 // 10560 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 10561 // than allowed. 10562 // 10563 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 10564 // value than allowed. 10565 // 10566 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 10567 // than allowed. 10568 // 10569 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 10570 // value than allowed. 10571 // 10572 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 10573 // between entities in the same root. 10574 // 10575 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 10576 // target entity. 10577 // 10578 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 10579 // isn't recognized. 10580 // 10581 // * ServiceException 10582 // AWS Organizations can't complete your request because of an internal service 10583 // error. Try again later. 10584 // 10585 // * TooManyRequestsException 10586 // You have sent too many requests in too short a period of time. The quota 10587 // helps protect against denial-of-service attacks. Try again later. 10588 // 10589 // For information about quotas that affect AWS Organizations, see Quotas for 10590 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 10591 // the AWS Organizations User Guide. 10592 // 10593 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization 10594 func (c *Organizations) ListHandshakesForOrganization(input *ListHandshakesForOrganizationInput) (*ListHandshakesForOrganizationOutput, error) { 10595 req, out := c.ListHandshakesForOrganizationRequest(input) 10596 return out, req.Send() 10597 } 10598 10599 // ListHandshakesForOrganizationWithContext is the same as ListHandshakesForOrganization with the addition of 10600 // the ability to pass a context and additional request options. 10601 // 10602 // See ListHandshakesForOrganization for details on how to use this API operation. 10603 // 10604 // The context must be non-nil and will be used for request cancellation. If 10605 // the context is nil a panic will occur. In the future the SDK may create 10606 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10607 // for more information on using Contexts. 10608 func (c *Organizations) ListHandshakesForOrganizationWithContext(ctx aws.Context, input *ListHandshakesForOrganizationInput, opts ...request.Option) (*ListHandshakesForOrganizationOutput, error) { 10609 req, out := c.ListHandshakesForOrganizationRequest(input) 10610 req.SetContext(ctx) 10611 req.ApplyOptions(opts...) 10612 return out, req.Send() 10613 } 10614 10615 // ListHandshakesForOrganizationPages iterates over the pages of a ListHandshakesForOrganization operation, 10616 // calling the "fn" function with the response data for each page. To stop 10617 // iterating, return false from the fn function. 10618 // 10619 // See ListHandshakesForOrganization method for more information on how to use this operation. 10620 // 10621 // Note: This operation can generate multiple requests to a service. 10622 // 10623 // // Example iterating over at most 3 pages of a ListHandshakesForOrganization operation. 10624 // pageNum := 0 10625 // err := client.ListHandshakesForOrganizationPages(params, 10626 // func(page *organizations.ListHandshakesForOrganizationOutput, lastPage bool) bool { 10627 // pageNum++ 10628 // fmt.Println(page) 10629 // return pageNum <= 3 10630 // }) 10631 // 10632 func (c *Organizations) ListHandshakesForOrganizationPages(input *ListHandshakesForOrganizationInput, fn func(*ListHandshakesForOrganizationOutput, bool) bool) error { 10633 return c.ListHandshakesForOrganizationPagesWithContext(aws.BackgroundContext(), input, fn) 10634 } 10635 10636 // ListHandshakesForOrganizationPagesWithContext same as ListHandshakesForOrganizationPages except 10637 // it takes a Context and allows setting request options on the pages. 10638 // 10639 // The context must be non-nil and will be used for request cancellation. If 10640 // the context is nil a panic will occur. In the future the SDK may create 10641 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10642 // for more information on using Contexts. 10643 func (c *Organizations) ListHandshakesForOrganizationPagesWithContext(ctx aws.Context, input *ListHandshakesForOrganizationInput, fn func(*ListHandshakesForOrganizationOutput, bool) bool, opts ...request.Option) error { 10644 p := request.Pagination{ 10645 NewRequest: func() (*request.Request, error) { 10646 var inCpy *ListHandshakesForOrganizationInput 10647 if input != nil { 10648 tmp := *input 10649 inCpy = &tmp 10650 } 10651 req, _ := c.ListHandshakesForOrganizationRequest(inCpy) 10652 req.SetContext(ctx) 10653 req.ApplyOptions(opts...) 10654 return req, nil 10655 }, 10656 } 10657 10658 for p.Next() { 10659 if !fn(p.Page().(*ListHandshakesForOrganizationOutput), !p.HasNextPage()) { 10660 break 10661 } 10662 } 10663 10664 return p.Err() 10665 } 10666 10667 const opListOrganizationalUnitsForParent = "ListOrganizationalUnitsForParent" 10668 10669 // ListOrganizationalUnitsForParentRequest generates a "aws/request.Request" representing the 10670 // client's request for the ListOrganizationalUnitsForParent operation. The "output" return 10671 // value will be populated with the request's response once the request completes 10672 // successfully. 10673 // 10674 // Use "Send" method on the returned Request to send the API call to the service. 10675 // the "output" return value is not valid until after Send returns without error. 10676 // 10677 // See ListOrganizationalUnitsForParent for more information on using the ListOrganizationalUnitsForParent 10678 // API call, and error handling. 10679 // 10680 // This method is useful when you want to inject custom logic or configuration 10681 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 10682 // 10683 // 10684 // // Example sending a request using the ListOrganizationalUnitsForParentRequest method. 10685 // req, resp := client.ListOrganizationalUnitsForParentRequest(params) 10686 // 10687 // err := req.Send() 10688 // if err == nil { // resp is now filled 10689 // fmt.Println(resp) 10690 // } 10691 // 10692 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent 10693 func (c *Organizations) ListOrganizationalUnitsForParentRequest(input *ListOrganizationalUnitsForParentInput) (req *request.Request, output *ListOrganizationalUnitsForParentOutput) { 10694 op := &request.Operation{ 10695 Name: opListOrganizationalUnitsForParent, 10696 HTTPMethod: "POST", 10697 HTTPPath: "/", 10698 Paginator: &request.Paginator{ 10699 InputTokens: []string{"NextToken"}, 10700 OutputTokens: []string{"NextToken"}, 10701 LimitToken: "MaxResults", 10702 TruncationToken: "", 10703 }, 10704 } 10705 10706 if input == nil { 10707 input = &ListOrganizationalUnitsForParentInput{} 10708 } 10709 10710 output = &ListOrganizationalUnitsForParentOutput{} 10711 req = c.newRequest(op, input, output) 10712 return 10713 } 10714 10715 // ListOrganizationalUnitsForParent API operation for AWS Organizations. 10716 // 10717 // Lists the organizational units (OUs) in a parent organizational unit or root. 10718 // 10719 // Always check the NextToken response parameter for a null value when calling 10720 // a List* operation. These operations can occasionally return an empty set 10721 // of results even when there are more results available. The NextToken response 10722 // parameter value is null only when there are no more results to display. 10723 // 10724 // This operation can be called only from the organization's management account 10725 // or by a member account that is a delegated administrator for an AWS service. 10726 // 10727 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 10728 // with awserr.Error's Code and Message methods to get detailed information about 10729 // the error. 10730 // 10731 // See the AWS API reference guide for AWS Organizations's 10732 // API operation ListOrganizationalUnitsForParent for usage and error information. 10733 // 10734 // Returned Error Types: 10735 // * AccessDeniedException 10736 // You don't have permissions to perform the requested operation. The user or 10737 // role that is making the request must have at least one IAM permissions policy 10738 // attached that grants the required permissions. For more information, see 10739 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 10740 // in the IAM User Guide. 10741 // 10742 // * AWSOrganizationsNotInUseException 10743 // Your account isn't a member of an organization. To make this request, you 10744 // must use the credentials of an account that belongs to an organization. 10745 // 10746 // * InvalidInputException 10747 // The requested operation failed because you provided invalid values for one 10748 // or more of the request parameters. This exception includes a reason that 10749 // contains additional information about the violated limit: 10750 // 10751 // Some of the reasons in the following list might not be applicable to this 10752 // specific API or operation. 10753 // 10754 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 10755 // the same entity. 10756 // 10757 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 10758 // can't be modified. 10759 // 10760 // * INPUT_REQUIRED: You must include a value for all required parameters. 10761 // 10762 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 10763 // for the invited account owner. 10764 // 10765 // * INVALID_ENUM: You specified an invalid value. 10766 // 10767 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 10768 // 10769 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 10770 // characters. 10771 // 10772 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 10773 // at least one invalid value. 10774 // 10775 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 10776 // from the response to a previous call of the operation. 10777 // 10778 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 10779 // organization, or email) as a party. 10780 // 10781 // * INVALID_PATTERN: You provided a value that doesn't match the required 10782 // pattern. 10783 // 10784 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 10785 // match the required pattern. 10786 // 10787 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 10788 // name can't begin with the reserved prefix AWSServiceRoleFor. 10789 // 10790 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 10791 // Name (ARN) for the organization. 10792 // 10793 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 10794 // 10795 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 10796 // tag. You can’t add, edit, or delete system tag keys because they're 10797 // reserved for AWS use. System tags don’t count against your tags per 10798 // resource limit. 10799 // 10800 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 10801 // for the operation. 10802 // 10803 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 10804 // than allowed. 10805 // 10806 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 10807 // value than allowed. 10808 // 10809 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 10810 // than allowed. 10811 // 10812 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 10813 // value than allowed. 10814 // 10815 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 10816 // between entities in the same root. 10817 // 10818 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 10819 // target entity. 10820 // 10821 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 10822 // isn't recognized. 10823 // 10824 // * ParentNotFoundException 10825 // We can't find a root or OU with the ParentId that you specified. 10826 // 10827 // * ServiceException 10828 // AWS Organizations can't complete your request because of an internal service 10829 // error. Try again later. 10830 // 10831 // * TooManyRequestsException 10832 // You have sent too many requests in too short a period of time. The quota 10833 // helps protect against denial-of-service attacks. Try again later. 10834 // 10835 // For information about quotas that affect AWS Organizations, see Quotas for 10836 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 10837 // the AWS Organizations User Guide. 10838 // 10839 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent 10840 func (c *Organizations) ListOrganizationalUnitsForParent(input *ListOrganizationalUnitsForParentInput) (*ListOrganizationalUnitsForParentOutput, error) { 10841 req, out := c.ListOrganizationalUnitsForParentRequest(input) 10842 return out, req.Send() 10843 } 10844 10845 // ListOrganizationalUnitsForParentWithContext is the same as ListOrganizationalUnitsForParent with the addition of 10846 // the ability to pass a context and additional request options. 10847 // 10848 // See ListOrganizationalUnitsForParent for details on how to use this API operation. 10849 // 10850 // The context must be non-nil and will be used for request cancellation. If 10851 // the context is nil a panic will occur. In the future the SDK may create 10852 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10853 // for more information on using Contexts. 10854 func (c *Organizations) ListOrganizationalUnitsForParentWithContext(ctx aws.Context, input *ListOrganizationalUnitsForParentInput, opts ...request.Option) (*ListOrganizationalUnitsForParentOutput, error) { 10855 req, out := c.ListOrganizationalUnitsForParentRequest(input) 10856 req.SetContext(ctx) 10857 req.ApplyOptions(opts...) 10858 return out, req.Send() 10859 } 10860 10861 // ListOrganizationalUnitsForParentPages iterates over the pages of a ListOrganizationalUnitsForParent operation, 10862 // calling the "fn" function with the response data for each page. To stop 10863 // iterating, return false from the fn function. 10864 // 10865 // See ListOrganizationalUnitsForParent method for more information on how to use this operation. 10866 // 10867 // Note: This operation can generate multiple requests to a service. 10868 // 10869 // // Example iterating over at most 3 pages of a ListOrganizationalUnitsForParent operation. 10870 // pageNum := 0 10871 // err := client.ListOrganizationalUnitsForParentPages(params, 10872 // func(page *organizations.ListOrganizationalUnitsForParentOutput, lastPage bool) bool { 10873 // pageNum++ 10874 // fmt.Println(page) 10875 // return pageNum <= 3 10876 // }) 10877 // 10878 func (c *Organizations) ListOrganizationalUnitsForParentPages(input *ListOrganizationalUnitsForParentInput, fn func(*ListOrganizationalUnitsForParentOutput, bool) bool) error { 10879 return c.ListOrganizationalUnitsForParentPagesWithContext(aws.BackgroundContext(), input, fn) 10880 } 10881 10882 // ListOrganizationalUnitsForParentPagesWithContext same as ListOrganizationalUnitsForParentPages except 10883 // it takes a Context and allows setting request options on the pages. 10884 // 10885 // The context must be non-nil and will be used for request cancellation. If 10886 // the context is nil a panic will occur. In the future the SDK may create 10887 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 10888 // for more information on using Contexts. 10889 func (c *Organizations) ListOrganizationalUnitsForParentPagesWithContext(ctx aws.Context, input *ListOrganizationalUnitsForParentInput, fn func(*ListOrganizationalUnitsForParentOutput, bool) bool, opts ...request.Option) error { 10890 p := request.Pagination{ 10891 NewRequest: func() (*request.Request, error) { 10892 var inCpy *ListOrganizationalUnitsForParentInput 10893 if input != nil { 10894 tmp := *input 10895 inCpy = &tmp 10896 } 10897 req, _ := c.ListOrganizationalUnitsForParentRequest(inCpy) 10898 req.SetContext(ctx) 10899 req.ApplyOptions(opts...) 10900 return req, nil 10901 }, 10902 } 10903 10904 for p.Next() { 10905 if !fn(p.Page().(*ListOrganizationalUnitsForParentOutput), !p.HasNextPage()) { 10906 break 10907 } 10908 } 10909 10910 return p.Err() 10911 } 10912 10913 const opListParents = "ListParents" 10914 10915 // ListParentsRequest generates a "aws/request.Request" representing the 10916 // client's request for the ListParents operation. The "output" return 10917 // value will be populated with the request's response once the request completes 10918 // successfully. 10919 // 10920 // Use "Send" method on the returned Request to send the API call to the service. 10921 // the "output" return value is not valid until after Send returns without error. 10922 // 10923 // See ListParents for more information on using the ListParents 10924 // API call, and error handling. 10925 // 10926 // This method is useful when you want to inject custom logic or configuration 10927 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 10928 // 10929 // 10930 // // Example sending a request using the ListParentsRequest method. 10931 // req, resp := client.ListParentsRequest(params) 10932 // 10933 // err := req.Send() 10934 // if err == nil { // resp is now filled 10935 // fmt.Println(resp) 10936 // } 10937 // 10938 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents 10939 func (c *Organizations) ListParentsRequest(input *ListParentsInput) (req *request.Request, output *ListParentsOutput) { 10940 op := &request.Operation{ 10941 Name: opListParents, 10942 HTTPMethod: "POST", 10943 HTTPPath: "/", 10944 Paginator: &request.Paginator{ 10945 InputTokens: []string{"NextToken"}, 10946 OutputTokens: []string{"NextToken"}, 10947 LimitToken: "MaxResults", 10948 TruncationToken: "", 10949 }, 10950 } 10951 10952 if input == nil { 10953 input = &ListParentsInput{} 10954 } 10955 10956 output = &ListParentsOutput{} 10957 req = c.newRequest(op, input, output) 10958 return 10959 } 10960 10961 // ListParents API operation for AWS Organizations. 10962 // 10963 // Lists the root or organizational units (OUs) that serve as the immediate 10964 // parent of the specified child OU or account. This operation, along with ListChildren 10965 // enables you to traverse the tree structure that makes up this root. 10966 // 10967 // Always check the NextToken response parameter for a null value when calling 10968 // a List* operation. These operations can occasionally return an empty set 10969 // of results even when there are more results available. The NextToken response 10970 // parameter value is null only when there are no more results to display. 10971 // 10972 // This operation can be called only from the organization's management account 10973 // or by a member account that is a delegated administrator for an AWS service. 10974 // 10975 // In the current release, a child can have only a single parent. 10976 // 10977 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 10978 // with awserr.Error's Code and Message methods to get detailed information about 10979 // the error. 10980 // 10981 // See the AWS API reference guide for AWS Organizations's 10982 // API operation ListParents for usage and error information. 10983 // 10984 // Returned Error Types: 10985 // * AccessDeniedException 10986 // You don't have permissions to perform the requested operation. The user or 10987 // role that is making the request must have at least one IAM permissions policy 10988 // attached that grants the required permissions. For more information, see 10989 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 10990 // in the IAM User Guide. 10991 // 10992 // * AWSOrganizationsNotInUseException 10993 // Your account isn't a member of an organization. To make this request, you 10994 // must use the credentials of an account that belongs to an organization. 10995 // 10996 // * ChildNotFoundException 10997 // We can't find an organizational unit (OU) or AWS account with the ChildId 10998 // that you specified. 10999 // 11000 // * InvalidInputException 11001 // The requested operation failed because you provided invalid values for one 11002 // or more of the request parameters. This exception includes a reason that 11003 // contains additional information about the violated limit: 11004 // 11005 // Some of the reasons in the following list might not be applicable to this 11006 // specific API or operation. 11007 // 11008 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 11009 // the same entity. 11010 // 11011 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 11012 // can't be modified. 11013 // 11014 // * INPUT_REQUIRED: You must include a value for all required parameters. 11015 // 11016 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 11017 // for the invited account owner. 11018 // 11019 // * INVALID_ENUM: You specified an invalid value. 11020 // 11021 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 11022 // 11023 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 11024 // characters. 11025 // 11026 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 11027 // at least one invalid value. 11028 // 11029 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 11030 // from the response to a previous call of the operation. 11031 // 11032 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 11033 // organization, or email) as a party. 11034 // 11035 // * INVALID_PATTERN: You provided a value that doesn't match the required 11036 // pattern. 11037 // 11038 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 11039 // match the required pattern. 11040 // 11041 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 11042 // name can't begin with the reserved prefix AWSServiceRoleFor. 11043 // 11044 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 11045 // Name (ARN) for the organization. 11046 // 11047 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 11048 // 11049 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 11050 // tag. You can’t add, edit, or delete system tag keys because they're 11051 // reserved for AWS use. System tags don’t count against your tags per 11052 // resource limit. 11053 // 11054 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 11055 // for the operation. 11056 // 11057 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 11058 // than allowed. 11059 // 11060 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 11061 // value than allowed. 11062 // 11063 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 11064 // than allowed. 11065 // 11066 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 11067 // value than allowed. 11068 // 11069 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 11070 // between entities in the same root. 11071 // 11072 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 11073 // target entity. 11074 // 11075 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 11076 // isn't recognized. 11077 // 11078 // * ServiceException 11079 // AWS Organizations can't complete your request because of an internal service 11080 // error. Try again later. 11081 // 11082 // * TooManyRequestsException 11083 // You have sent too many requests in too short a period of time. The quota 11084 // helps protect against denial-of-service attacks. Try again later. 11085 // 11086 // For information about quotas that affect AWS Organizations, see Quotas for 11087 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 11088 // the AWS Organizations User Guide. 11089 // 11090 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents 11091 func (c *Organizations) ListParents(input *ListParentsInput) (*ListParentsOutput, error) { 11092 req, out := c.ListParentsRequest(input) 11093 return out, req.Send() 11094 } 11095 11096 // ListParentsWithContext is the same as ListParents with the addition of 11097 // the ability to pass a context and additional request options. 11098 // 11099 // See ListParents for details on how to use this API operation. 11100 // 11101 // The context must be non-nil and will be used for request cancellation. If 11102 // the context is nil a panic will occur. In the future the SDK may create 11103 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11104 // for more information on using Contexts. 11105 func (c *Organizations) ListParentsWithContext(ctx aws.Context, input *ListParentsInput, opts ...request.Option) (*ListParentsOutput, error) { 11106 req, out := c.ListParentsRequest(input) 11107 req.SetContext(ctx) 11108 req.ApplyOptions(opts...) 11109 return out, req.Send() 11110 } 11111 11112 // ListParentsPages iterates over the pages of a ListParents operation, 11113 // calling the "fn" function with the response data for each page. To stop 11114 // iterating, return false from the fn function. 11115 // 11116 // See ListParents method for more information on how to use this operation. 11117 // 11118 // Note: This operation can generate multiple requests to a service. 11119 // 11120 // // Example iterating over at most 3 pages of a ListParents operation. 11121 // pageNum := 0 11122 // err := client.ListParentsPages(params, 11123 // func(page *organizations.ListParentsOutput, lastPage bool) bool { 11124 // pageNum++ 11125 // fmt.Println(page) 11126 // return pageNum <= 3 11127 // }) 11128 // 11129 func (c *Organizations) ListParentsPages(input *ListParentsInput, fn func(*ListParentsOutput, bool) bool) error { 11130 return c.ListParentsPagesWithContext(aws.BackgroundContext(), input, fn) 11131 } 11132 11133 // ListParentsPagesWithContext same as ListParentsPages except 11134 // it takes a Context and allows setting request options on the pages. 11135 // 11136 // The context must be non-nil and will be used for request cancellation. If 11137 // the context is nil a panic will occur. In the future the SDK may create 11138 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11139 // for more information on using Contexts. 11140 func (c *Organizations) ListParentsPagesWithContext(ctx aws.Context, input *ListParentsInput, fn func(*ListParentsOutput, bool) bool, opts ...request.Option) error { 11141 p := request.Pagination{ 11142 NewRequest: func() (*request.Request, error) { 11143 var inCpy *ListParentsInput 11144 if input != nil { 11145 tmp := *input 11146 inCpy = &tmp 11147 } 11148 req, _ := c.ListParentsRequest(inCpy) 11149 req.SetContext(ctx) 11150 req.ApplyOptions(opts...) 11151 return req, nil 11152 }, 11153 } 11154 11155 for p.Next() { 11156 if !fn(p.Page().(*ListParentsOutput), !p.HasNextPage()) { 11157 break 11158 } 11159 } 11160 11161 return p.Err() 11162 } 11163 11164 const opListPolicies = "ListPolicies" 11165 11166 // ListPoliciesRequest generates a "aws/request.Request" representing the 11167 // client's request for the ListPolicies operation. The "output" return 11168 // value will be populated with the request's response once the request completes 11169 // successfully. 11170 // 11171 // Use "Send" method on the returned Request to send the API call to the service. 11172 // the "output" return value is not valid until after Send returns without error. 11173 // 11174 // See ListPolicies for more information on using the ListPolicies 11175 // API call, and error handling. 11176 // 11177 // This method is useful when you want to inject custom logic or configuration 11178 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 11179 // 11180 // 11181 // // Example sending a request using the ListPoliciesRequest method. 11182 // req, resp := client.ListPoliciesRequest(params) 11183 // 11184 // err := req.Send() 11185 // if err == nil { // resp is now filled 11186 // fmt.Println(resp) 11187 // } 11188 // 11189 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies 11190 func (c *Organizations) ListPoliciesRequest(input *ListPoliciesInput) (req *request.Request, output *ListPoliciesOutput) { 11191 op := &request.Operation{ 11192 Name: opListPolicies, 11193 HTTPMethod: "POST", 11194 HTTPPath: "/", 11195 Paginator: &request.Paginator{ 11196 InputTokens: []string{"NextToken"}, 11197 OutputTokens: []string{"NextToken"}, 11198 LimitToken: "MaxResults", 11199 TruncationToken: "", 11200 }, 11201 } 11202 11203 if input == nil { 11204 input = &ListPoliciesInput{} 11205 } 11206 11207 output = &ListPoliciesOutput{} 11208 req = c.newRequest(op, input, output) 11209 return 11210 } 11211 11212 // ListPolicies API operation for AWS Organizations. 11213 // 11214 // Retrieves the list of all policies in an organization of a specified type. 11215 // 11216 // Always check the NextToken response parameter for a null value when calling 11217 // a List* operation. These operations can occasionally return an empty set 11218 // of results even when there are more results available. The NextToken response 11219 // parameter value is null only when there are no more results to display. 11220 // 11221 // This operation can be called only from the organization's management account 11222 // or by a member account that is a delegated administrator for an AWS service. 11223 // 11224 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 11225 // with awserr.Error's Code and Message methods to get detailed information about 11226 // the error. 11227 // 11228 // See the AWS API reference guide for AWS Organizations's 11229 // API operation ListPolicies for usage and error information. 11230 // 11231 // Returned Error Types: 11232 // * AccessDeniedException 11233 // You don't have permissions to perform the requested operation. The user or 11234 // role that is making the request must have at least one IAM permissions policy 11235 // attached that grants the required permissions. For more information, see 11236 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 11237 // in the IAM User Guide. 11238 // 11239 // * AWSOrganizationsNotInUseException 11240 // Your account isn't a member of an organization. To make this request, you 11241 // must use the credentials of an account that belongs to an organization. 11242 // 11243 // * InvalidInputException 11244 // The requested operation failed because you provided invalid values for one 11245 // or more of the request parameters. This exception includes a reason that 11246 // contains additional information about the violated limit: 11247 // 11248 // Some of the reasons in the following list might not be applicable to this 11249 // specific API or operation. 11250 // 11251 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 11252 // the same entity. 11253 // 11254 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 11255 // can't be modified. 11256 // 11257 // * INPUT_REQUIRED: You must include a value for all required parameters. 11258 // 11259 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 11260 // for the invited account owner. 11261 // 11262 // * INVALID_ENUM: You specified an invalid value. 11263 // 11264 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 11265 // 11266 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 11267 // characters. 11268 // 11269 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 11270 // at least one invalid value. 11271 // 11272 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 11273 // from the response to a previous call of the operation. 11274 // 11275 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 11276 // organization, or email) as a party. 11277 // 11278 // * INVALID_PATTERN: You provided a value that doesn't match the required 11279 // pattern. 11280 // 11281 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 11282 // match the required pattern. 11283 // 11284 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 11285 // name can't begin with the reserved prefix AWSServiceRoleFor. 11286 // 11287 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 11288 // Name (ARN) for the organization. 11289 // 11290 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 11291 // 11292 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 11293 // tag. You can’t add, edit, or delete system tag keys because they're 11294 // reserved for AWS use. System tags don’t count against your tags per 11295 // resource limit. 11296 // 11297 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 11298 // for the operation. 11299 // 11300 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 11301 // than allowed. 11302 // 11303 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 11304 // value than allowed. 11305 // 11306 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 11307 // than allowed. 11308 // 11309 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 11310 // value than allowed. 11311 // 11312 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 11313 // between entities in the same root. 11314 // 11315 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 11316 // target entity. 11317 // 11318 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 11319 // isn't recognized. 11320 // 11321 // * ServiceException 11322 // AWS Organizations can't complete your request because of an internal service 11323 // error. Try again later. 11324 // 11325 // * TooManyRequestsException 11326 // You have sent too many requests in too short a period of time. The quota 11327 // helps protect against denial-of-service attacks. Try again later. 11328 // 11329 // For information about quotas that affect AWS Organizations, see Quotas for 11330 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 11331 // the AWS Organizations User Guide. 11332 // 11333 // * UnsupportedAPIEndpointException 11334 // This action isn't available in the current AWS Region. 11335 // 11336 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies 11337 func (c *Organizations) ListPolicies(input *ListPoliciesInput) (*ListPoliciesOutput, error) { 11338 req, out := c.ListPoliciesRequest(input) 11339 return out, req.Send() 11340 } 11341 11342 // ListPoliciesWithContext is the same as ListPolicies with the addition of 11343 // the ability to pass a context and additional request options. 11344 // 11345 // See ListPolicies for details on how to use this API operation. 11346 // 11347 // The context must be non-nil and will be used for request cancellation. If 11348 // the context is nil a panic will occur. In the future the SDK may create 11349 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11350 // for more information on using Contexts. 11351 func (c *Organizations) ListPoliciesWithContext(ctx aws.Context, input *ListPoliciesInput, opts ...request.Option) (*ListPoliciesOutput, error) { 11352 req, out := c.ListPoliciesRequest(input) 11353 req.SetContext(ctx) 11354 req.ApplyOptions(opts...) 11355 return out, req.Send() 11356 } 11357 11358 // ListPoliciesPages iterates over the pages of a ListPolicies operation, 11359 // calling the "fn" function with the response data for each page. To stop 11360 // iterating, return false from the fn function. 11361 // 11362 // See ListPolicies method for more information on how to use this operation. 11363 // 11364 // Note: This operation can generate multiple requests to a service. 11365 // 11366 // // Example iterating over at most 3 pages of a ListPolicies operation. 11367 // pageNum := 0 11368 // err := client.ListPoliciesPages(params, 11369 // func(page *organizations.ListPoliciesOutput, lastPage bool) bool { 11370 // pageNum++ 11371 // fmt.Println(page) 11372 // return pageNum <= 3 11373 // }) 11374 // 11375 func (c *Organizations) ListPoliciesPages(input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool) error { 11376 return c.ListPoliciesPagesWithContext(aws.BackgroundContext(), input, fn) 11377 } 11378 11379 // ListPoliciesPagesWithContext same as ListPoliciesPages except 11380 // it takes a Context and allows setting request options on the pages. 11381 // 11382 // The context must be non-nil and will be used for request cancellation. If 11383 // the context is nil a panic will occur. In the future the SDK may create 11384 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11385 // for more information on using Contexts. 11386 func (c *Organizations) ListPoliciesPagesWithContext(ctx aws.Context, input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool, opts ...request.Option) error { 11387 p := request.Pagination{ 11388 NewRequest: func() (*request.Request, error) { 11389 var inCpy *ListPoliciesInput 11390 if input != nil { 11391 tmp := *input 11392 inCpy = &tmp 11393 } 11394 req, _ := c.ListPoliciesRequest(inCpy) 11395 req.SetContext(ctx) 11396 req.ApplyOptions(opts...) 11397 return req, nil 11398 }, 11399 } 11400 11401 for p.Next() { 11402 if !fn(p.Page().(*ListPoliciesOutput), !p.HasNextPage()) { 11403 break 11404 } 11405 } 11406 11407 return p.Err() 11408 } 11409 11410 const opListPoliciesForTarget = "ListPoliciesForTarget" 11411 11412 // ListPoliciesForTargetRequest generates a "aws/request.Request" representing the 11413 // client's request for the ListPoliciesForTarget operation. The "output" return 11414 // value will be populated with the request's response once the request completes 11415 // successfully. 11416 // 11417 // Use "Send" method on the returned Request to send the API call to the service. 11418 // the "output" return value is not valid until after Send returns without error. 11419 // 11420 // See ListPoliciesForTarget for more information on using the ListPoliciesForTarget 11421 // API call, and error handling. 11422 // 11423 // This method is useful when you want to inject custom logic or configuration 11424 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 11425 // 11426 // 11427 // // Example sending a request using the ListPoliciesForTargetRequest method. 11428 // req, resp := client.ListPoliciesForTargetRequest(params) 11429 // 11430 // err := req.Send() 11431 // if err == nil { // resp is now filled 11432 // fmt.Println(resp) 11433 // } 11434 // 11435 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget 11436 func (c *Organizations) ListPoliciesForTargetRequest(input *ListPoliciesForTargetInput) (req *request.Request, output *ListPoliciesForTargetOutput) { 11437 op := &request.Operation{ 11438 Name: opListPoliciesForTarget, 11439 HTTPMethod: "POST", 11440 HTTPPath: "/", 11441 Paginator: &request.Paginator{ 11442 InputTokens: []string{"NextToken"}, 11443 OutputTokens: []string{"NextToken"}, 11444 LimitToken: "MaxResults", 11445 TruncationToken: "", 11446 }, 11447 } 11448 11449 if input == nil { 11450 input = &ListPoliciesForTargetInput{} 11451 } 11452 11453 output = &ListPoliciesForTargetOutput{} 11454 req = c.newRequest(op, input, output) 11455 return 11456 } 11457 11458 // ListPoliciesForTarget API operation for AWS Organizations. 11459 // 11460 // Lists the policies that are directly attached to the specified target root, 11461 // organizational unit (OU), or account. You must specify the policy type that 11462 // you want included in the returned list. 11463 // 11464 // Always check the NextToken response parameter for a null value when calling 11465 // a List* operation. These operations can occasionally return an empty set 11466 // of results even when there are more results available. The NextToken response 11467 // parameter value is null only when there are no more results to display. 11468 // 11469 // This operation can be called only from the organization's management account 11470 // or by a member account that is a delegated administrator for an AWS service. 11471 // 11472 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 11473 // with awserr.Error's Code and Message methods to get detailed information about 11474 // the error. 11475 // 11476 // See the AWS API reference guide for AWS Organizations's 11477 // API operation ListPoliciesForTarget for usage and error information. 11478 // 11479 // Returned Error Types: 11480 // * AccessDeniedException 11481 // You don't have permissions to perform the requested operation. The user or 11482 // role that is making the request must have at least one IAM permissions policy 11483 // attached that grants the required permissions. For more information, see 11484 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 11485 // in the IAM User Guide. 11486 // 11487 // * AWSOrganizationsNotInUseException 11488 // Your account isn't a member of an organization. To make this request, you 11489 // must use the credentials of an account that belongs to an organization. 11490 // 11491 // * InvalidInputException 11492 // The requested operation failed because you provided invalid values for one 11493 // or more of the request parameters. This exception includes a reason that 11494 // contains additional information about the violated limit: 11495 // 11496 // Some of the reasons in the following list might not be applicable to this 11497 // specific API or operation. 11498 // 11499 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 11500 // the same entity. 11501 // 11502 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 11503 // can't be modified. 11504 // 11505 // * INPUT_REQUIRED: You must include a value for all required parameters. 11506 // 11507 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 11508 // for the invited account owner. 11509 // 11510 // * INVALID_ENUM: You specified an invalid value. 11511 // 11512 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 11513 // 11514 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 11515 // characters. 11516 // 11517 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 11518 // at least one invalid value. 11519 // 11520 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 11521 // from the response to a previous call of the operation. 11522 // 11523 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 11524 // organization, or email) as a party. 11525 // 11526 // * INVALID_PATTERN: You provided a value that doesn't match the required 11527 // pattern. 11528 // 11529 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 11530 // match the required pattern. 11531 // 11532 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 11533 // name can't begin with the reserved prefix AWSServiceRoleFor. 11534 // 11535 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 11536 // Name (ARN) for the organization. 11537 // 11538 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 11539 // 11540 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 11541 // tag. You can’t add, edit, or delete system tag keys because they're 11542 // reserved for AWS use. System tags don’t count against your tags per 11543 // resource limit. 11544 // 11545 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 11546 // for the operation. 11547 // 11548 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 11549 // than allowed. 11550 // 11551 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 11552 // value than allowed. 11553 // 11554 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 11555 // than allowed. 11556 // 11557 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 11558 // value than allowed. 11559 // 11560 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 11561 // between entities in the same root. 11562 // 11563 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 11564 // target entity. 11565 // 11566 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 11567 // isn't recognized. 11568 // 11569 // * ServiceException 11570 // AWS Organizations can't complete your request because of an internal service 11571 // error. Try again later. 11572 // 11573 // * TargetNotFoundException 11574 // We can't find a root, OU, account, or policy with the TargetId that you specified. 11575 // 11576 // * TooManyRequestsException 11577 // You have sent too many requests in too short a period of time. The quota 11578 // helps protect against denial-of-service attacks. Try again later. 11579 // 11580 // For information about quotas that affect AWS Organizations, see Quotas for 11581 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 11582 // the AWS Organizations User Guide. 11583 // 11584 // * UnsupportedAPIEndpointException 11585 // This action isn't available in the current AWS Region. 11586 // 11587 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget 11588 func (c *Organizations) ListPoliciesForTarget(input *ListPoliciesForTargetInput) (*ListPoliciesForTargetOutput, error) { 11589 req, out := c.ListPoliciesForTargetRequest(input) 11590 return out, req.Send() 11591 } 11592 11593 // ListPoliciesForTargetWithContext is the same as ListPoliciesForTarget with the addition of 11594 // the ability to pass a context and additional request options. 11595 // 11596 // See ListPoliciesForTarget for details on how to use this API operation. 11597 // 11598 // The context must be non-nil and will be used for request cancellation. If 11599 // the context is nil a panic will occur. In the future the SDK may create 11600 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11601 // for more information on using Contexts. 11602 func (c *Organizations) ListPoliciesForTargetWithContext(ctx aws.Context, input *ListPoliciesForTargetInput, opts ...request.Option) (*ListPoliciesForTargetOutput, error) { 11603 req, out := c.ListPoliciesForTargetRequest(input) 11604 req.SetContext(ctx) 11605 req.ApplyOptions(opts...) 11606 return out, req.Send() 11607 } 11608 11609 // ListPoliciesForTargetPages iterates over the pages of a ListPoliciesForTarget operation, 11610 // calling the "fn" function with the response data for each page. To stop 11611 // iterating, return false from the fn function. 11612 // 11613 // See ListPoliciesForTarget method for more information on how to use this operation. 11614 // 11615 // Note: This operation can generate multiple requests to a service. 11616 // 11617 // // Example iterating over at most 3 pages of a ListPoliciesForTarget operation. 11618 // pageNum := 0 11619 // err := client.ListPoliciesForTargetPages(params, 11620 // func(page *organizations.ListPoliciesForTargetOutput, lastPage bool) bool { 11621 // pageNum++ 11622 // fmt.Println(page) 11623 // return pageNum <= 3 11624 // }) 11625 // 11626 func (c *Organizations) ListPoliciesForTargetPages(input *ListPoliciesForTargetInput, fn func(*ListPoliciesForTargetOutput, bool) bool) error { 11627 return c.ListPoliciesForTargetPagesWithContext(aws.BackgroundContext(), input, fn) 11628 } 11629 11630 // ListPoliciesForTargetPagesWithContext same as ListPoliciesForTargetPages except 11631 // it takes a Context and allows setting request options on the pages. 11632 // 11633 // The context must be non-nil and will be used for request cancellation. If 11634 // the context is nil a panic will occur. In the future the SDK may create 11635 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11636 // for more information on using Contexts. 11637 func (c *Organizations) ListPoliciesForTargetPagesWithContext(ctx aws.Context, input *ListPoliciesForTargetInput, fn func(*ListPoliciesForTargetOutput, bool) bool, opts ...request.Option) error { 11638 p := request.Pagination{ 11639 NewRequest: func() (*request.Request, error) { 11640 var inCpy *ListPoliciesForTargetInput 11641 if input != nil { 11642 tmp := *input 11643 inCpy = &tmp 11644 } 11645 req, _ := c.ListPoliciesForTargetRequest(inCpy) 11646 req.SetContext(ctx) 11647 req.ApplyOptions(opts...) 11648 return req, nil 11649 }, 11650 } 11651 11652 for p.Next() { 11653 if !fn(p.Page().(*ListPoliciesForTargetOutput), !p.HasNextPage()) { 11654 break 11655 } 11656 } 11657 11658 return p.Err() 11659 } 11660 11661 const opListRoots = "ListRoots" 11662 11663 // ListRootsRequest generates a "aws/request.Request" representing the 11664 // client's request for the ListRoots operation. The "output" return 11665 // value will be populated with the request's response once the request completes 11666 // successfully. 11667 // 11668 // Use "Send" method on the returned Request to send the API call to the service. 11669 // the "output" return value is not valid until after Send returns without error. 11670 // 11671 // See ListRoots for more information on using the ListRoots 11672 // API call, and error handling. 11673 // 11674 // This method is useful when you want to inject custom logic or configuration 11675 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 11676 // 11677 // 11678 // // Example sending a request using the ListRootsRequest method. 11679 // req, resp := client.ListRootsRequest(params) 11680 // 11681 // err := req.Send() 11682 // if err == nil { // resp is now filled 11683 // fmt.Println(resp) 11684 // } 11685 // 11686 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots 11687 func (c *Organizations) ListRootsRequest(input *ListRootsInput) (req *request.Request, output *ListRootsOutput) { 11688 op := &request.Operation{ 11689 Name: opListRoots, 11690 HTTPMethod: "POST", 11691 HTTPPath: "/", 11692 Paginator: &request.Paginator{ 11693 InputTokens: []string{"NextToken"}, 11694 OutputTokens: []string{"NextToken"}, 11695 LimitToken: "MaxResults", 11696 TruncationToken: "", 11697 }, 11698 } 11699 11700 if input == nil { 11701 input = &ListRootsInput{} 11702 } 11703 11704 output = &ListRootsOutput{} 11705 req = c.newRequest(op, input, output) 11706 return 11707 } 11708 11709 // ListRoots API operation for AWS Organizations. 11710 // 11711 // Lists the roots that are defined in the current organization. 11712 // 11713 // Always check the NextToken response parameter for a null value when calling 11714 // a List* operation. These operations can occasionally return an empty set 11715 // of results even when there are more results available. The NextToken response 11716 // parameter value is null only when there are no more results to display. 11717 // 11718 // This operation can be called only from the organization's management account 11719 // or by a member account that is a delegated administrator for an AWS service. 11720 // 11721 // Policy types can be enabled and disabled in roots. This is distinct from 11722 // whether they're available in the organization. When you enable all features, 11723 // you make policy types available for use in that organization. Individual 11724 // policy types can then be enabled and disabled in a root. To see the availability 11725 // of a policy type in an organization, use DescribeOrganization. 11726 // 11727 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 11728 // with awserr.Error's Code and Message methods to get detailed information about 11729 // the error. 11730 // 11731 // See the AWS API reference guide for AWS Organizations's 11732 // API operation ListRoots for usage and error information. 11733 // 11734 // Returned Error Types: 11735 // * AccessDeniedException 11736 // You don't have permissions to perform the requested operation. The user or 11737 // role that is making the request must have at least one IAM permissions policy 11738 // attached that grants the required permissions. For more information, see 11739 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 11740 // in the IAM User Guide. 11741 // 11742 // * AWSOrganizationsNotInUseException 11743 // Your account isn't a member of an organization. To make this request, you 11744 // must use the credentials of an account that belongs to an organization. 11745 // 11746 // * InvalidInputException 11747 // The requested operation failed because you provided invalid values for one 11748 // or more of the request parameters. This exception includes a reason that 11749 // contains additional information about the violated limit: 11750 // 11751 // Some of the reasons in the following list might not be applicable to this 11752 // specific API or operation. 11753 // 11754 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 11755 // the same entity. 11756 // 11757 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 11758 // can't be modified. 11759 // 11760 // * INPUT_REQUIRED: You must include a value for all required parameters. 11761 // 11762 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 11763 // for the invited account owner. 11764 // 11765 // * INVALID_ENUM: You specified an invalid value. 11766 // 11767 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 11768 // 11769 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 11770 // characters. 11771 // 11772 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 11773 // at least one invalid value. 11774 // 11775 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 11776 // from the response to a previous call of the operation. 11777 // 11778 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 11779 // organization, or email) as a party. 11780 // 11781 // * INVALID_PATTERN: You provided a value that doesn't match the required 11782 // pattern. 11783 // 11784 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 11785 // match the required pattern. 11786 // 11787 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 11788 // name can't begin with the reserved prefix AWSServiceRoleFor. 11789 // 11790 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 11791 // Name (ARN) for the organization. 11792 // 11793 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 11794 // 11795 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 11796 // tag. You can’t add, edit, or delete system tag keys because they're 11797 // reserved for AWS use. System tags don’t count against your tags per 11798 // resource limit. 11799 // 11800 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 11801 // for the operation. 11802 // 11803 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 11804 // than allowed. 11805 // 11806 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 11807 // value than allowed. 11808 // 11809 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 11810 // than allowed. 11811 // 11812 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 11813 // value than allowed. 11814 // 11815 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 11816 // between entities in the same root. 11817 // 11818 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 11819 // target entity. 11820 // 11821 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 11822 // isn't recognized. 11823 // 11824 // * ServiceException 11825 // AWS Organizations can't complete your request because of an internal service 11826 // error. Try again later. 11827 // 11828 // * TooManyRequestsException 11829 // You have sent too many requests in too short a period of time. The quota 11830 // helps protect against denial-of-service attacks. Try again later. 11831 // 11832 // For information about quotas that affect AWS Organizations, see Quotas for 11833 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 11834 // the AWS Organizations User Guide. 11835 // 11836 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots 11837 func (c *Organizations) ListRoots(input *ListRootsInput) (*ListRootsOutput, error) { 11838 req, out := c.ListRootsRequest(input) 11839 return out, req.Send() 11840 } 11841 11842 // ListRootsWithContext is the same as ListRoots with the addition of 11843 // the ability to pass a context and additional request options. 11844 // 11845 // See ListRoots for details on how to use this API operation. 11846 // 11847 // The context must be non-nil and will be used for request cancellation. If 11848 // the context is nil a panic will occur. In the future the SDK may create 11849 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11850 // for more information on using Contexts. 11851 func (c *Organizations) ListRootsWithContext(ctx aws.Context, input *ListRootsInput, opts ...request.Option) (*ListRootsOutput, error) { 11852 req, out := c.ListRootsRequest(input) 11853 req.SetContext(ctx) 11854 req.ApplyOptions(opts...) 11855 return out, req.Send() 11856 } 11857 11858 // ListRootsPages iterates over the pages of a ListRoots operation, 11859 // calling the "fn" function with the response data for each page. To stop 11860 // iterating, return false from the fn function. 11861 // 11862 // See ListRoots method for more information on how to use this operation. 11863 // 11864 // Note: This operation can generate multiple requests to a service. 11865 // 11866 // // Example iterating over at most 3 pages of a ListRoots operation. 11867 // pageNum := 0 11868 // err := client.ListRootsPages(params, 11869 // func(page *organizations.ListRootsOutput, lastPage bool) bool { 11870 // pageNum++ 11871 // fmt.Println(page) 11872 // return pageNum <= 3 11873 // }) 11874 // 11875 func (c *Organizations) ListRootsPages(input *ListRootsInput, fn func(*ListRootsOutput, bool) bool) error { 11876 return c.ListRootsPagesWithContext(aws.BackgroundContext(), input, fn) 11877 } 11878 11879 // ListRootsPagesWithContext same as ListRootsPages except 11880 // it takes a Context and allows setting request options on the pages. 11881 // 11882 // The context must be non-nil and will be used for request cancellation. If 11883 // the context is nil a panic will occur. In the future the SDK may create 11884 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 11885 // for more information on using Contexts. 11886 func (c *Organizations) ListRootsPagesWithContext(ctx aws.Context, input *ListRootsInput, fn func(*ListRootsOutput, bool) bool, opts ...request.Option) error { 11887 p := request.Pagination{ 11888 NewRequest: func() (*request.Request, error) { 11889 var inCpy *ListRootsInput 11890 if input != nil { 11891 tmp := *input 11892 inCpy = &tmp 11893 } 11894 req, _ := c.ListRootsRequest(inCpy) 11895 req.SetContext(ctx) 11896 req.ApplyOptions(opts...) 11897 return req, nil 11898 }, 11899 } 11900 11901 for p.Next() { 11902 if !fn(p.Page().(*ListRootsOutput), !p.HasNextPage()) { 11903 break 11904 } 11905 } 11906 11907 return p.Err() 11908 } 11909 11910 const opListTagsForResource = "ListTagsForResource" 11911 11912 // ListTagsForResourceRequest generates a "aws/request.Request" representing the 11913 // client's request for the ListTagsForResource operation. The "output" return 11914 // value will be populated with the request's response once the request completes 11915 // successfully. 11916 // 11917 // Use "Send" method on the returned Request to send the API call to the service. 11918 // the "output" return value is not valid until after Send returns without error. 11919 // 11920 // See ListTagsForResource for more information on using the ListTagsForResource 11921 // API call, and error handling. 11922 // 11923 // This method is useful when you want to inject custom logic or configuration 11924 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 11925 // 11926 // 11927 // // Example sending a request using the ListTagsForResourceRequest method. 11928 // req, resp := client.ListTagsForResourceRequest(params) 11929 // 11930 // err := req.Send() 11931 // if err == nil { // resp is now filled 11932 // fmt.Println(resp) 11933 // } 11934 // 11935 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTagsForResource 11936 func (c *Organizations) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) { 11937 op := &request.Operation{ 11938 Name: opListTagsForResource, 11939 HTTPMethod: "POST", 11940 HTTPPath: "/", 11941 Paginator: &request.Paginator{ 11942 InputTokens: []string{"NextToken"}, 11943 OutputTokens: []string{"NextToken"}, 11944 LimitToken: "", 11945 TruncationToken: "", 11946 }, 11947 } 11948 11949 if input == nil { 11950 input = &ListTagsForResourceInput{} 11951 } 11952 11953 output = &ListTagsForResourceOutput{} 11954 req = c.newRequest(op, input, output) 11955 return 11956 } 11957 11958 // ListTagsForResource API operation for AWS Organizations. 11959 // 11960 // Lists tags that are attached to the specified resource. 11961 // 11962 // You can attach tags to the following resources in AWS Organizations. 11963 // 11964 // * AWS account 11965 // 11966 // * Organization root 11967 // 11968 // * Organizational unit (OU) 11969 // 11970 // * Policy (any type) 11971 // 11972 // This operation can be called only from the organization's management account 11973 // or by a member account that is a delegated administrator for an AWS service. 11974 // 11975 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 11976 // with awserr.Error's Code and Message methods to get detailed information about 11977 // the error. 11978 // 11979 // See the AWS API reference guide for AWS Organizations's 11980 // API operation ListTagsForResource for usage and error information. 11981 // 11982 // Returned Error Types: 11983 // * AccessDeniedException 11984 // You don't have permissions to perform the requested operation. The user or 11985 // role that is making the request must have at least one IAM permissions policy 11986 // attached that grants the required permissions. For more information, see 11987 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 11988 // in the IAM User Guide. 11989 // 11990 // * AWSOrganizationsNotInUseException 11991 // Your account isn't a member of an organization. To make this request, you 11992 // must use the credentials of an account that belongs to an organization. 11993 // 11994 // * TargetNotFoundException 11995 // We can't find a root, OU, account, or policy with the TargetId that you specified. 11996 // 11997 // * InvalidInputException 11998 // The requested operation failed because you provided invalid values for one 11999 // or more of the request parameters. This exception includes a reason that 12000 // contains additional information about the violated limit: 12001 // 12002 // Some of the reasons in the following list might not be applicable to this 12003 // specific API or operation. 12004 // 12005 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 12006 // the same entity. 12007 // 12008 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 12009 // can't be modified. 12010 // 12011 // * INPUT_REQUIRED: You must include a value for all required parameters. 12012 // 12013 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 12014 // for the invited account owner. 12015 // 12016 // * INVALID_ENUM: You specified an invalid value. 12017 // 12018 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 12019 // 12020 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 12021 // characters. 12022 // 12023 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 12024 // at least one invalid value. 12025 // 12026 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 12027 // from the response to a previous call of the operation. 12028 // 12029 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 12030 // organization, or email) as a party. 12031 // 12032 // * INVALID_PATTERN: You provided a value that doesn't match the required 12033 // pattern. 12034 // 12035 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 12036 // match the required pattern. 12037 // 12038 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 12039 // name can't begin with the reserved prefix AWSServiceRoleFor. 12040 // 12041 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 12042 // Name (ARN) for the organization. 12043 // 12044 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 12045 // 12046 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 12047 // tag. You can’t add, edit, or delete system tag keys because they're 12048 // reserved for AWS use. System tags don’t count against your tags per 12049 // resource limit. 12050 // 12051 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 12052 // for the operation. 12053 // 12054 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 12055 // than allowed. 12056 // 12057 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 12058 // value than allowed. 12059 // 12060 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 12061 // than allowed. 12062 // 12063 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 12064 // value than allowed. 12065 // 12066 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 12067 // between entities in the same root. 12068 // 12069 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 12070 // target entity. 12071 // 12072 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 12073 // isn't recognized. 12074 // 12075 // * ServiceException 12076 // AWS Organizations can't complete your request because of an internal service 12077 // error. Try again later. 12078 // 12079 // * TooManyRequestsException 12080 // You have sent too many requests in too short a period of time. The quota 12081 // helps protect against denial-of-service attacks. Try again later. 12082 // 12083 // For information about quotas that affect AWS Organizations, see Quotas for 12084 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 12085 // the AWS Organizations User Guide. 12086 // 12087 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTagsForResource 12088 func (c *Organizations) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) { 12089 req, out := c.ListTagsForResourceRequest(input) 12090 return out, req.Send() 12091 } 12092 12093 // ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of 12094 // the ability to pass a context and additional request options. 12095 // 12096 // See ListTagsForResource for details on how to use this API operation. 12097 // 12098 // The context must be non-nil and will be used for request cancellation. If 12099 // the context is nil a panic will occur. In the future the SDK may create 12100 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 12101 // for more information on using Contexts. 12102 func (c *Organizations) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) { 12103 req, out := c.ListTagsForResourceRequest(input) 12104 req.SetContext(ctx) 12105 req.ApplyOptions(opts...) 12106 return out, req.Send() 12107 } 12108 12109 // ListTagsForResourcePages iterates over the pages of a ListTagsForResource operation, 12110 // calling the "fn" function with the response data for each page. To stop 12111 // iterating, return false from the fn function. 12112 // 12113 // See ListTagsForResource method for more information on how to use this operation. 12114 // 12115 // Note: This operation can generate multiple requests to a service. 12116 // 12117 // // Example iterating over at most 3 pages of a ListTagsForResource operation. 12118 // pageNum := 0 12119 // err := client.ListTagsForResourcePages(params, 12120 // func(page *organizations.ListTagsForResourceOutput, lastPage bool) bool { 12121 // pageNum++ 12122 // fmt.Println(page) 12123 // return pageNum <= 3 12124 // }) 12125 // 12126 func (c *Organizations) ListTagsForResourcePages(input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool) error { 12127 return c.ListTagsForResourcePagesWithContext(aws.BackgroundContext(), input, fn) 12128 } 12129 12130 // ListTagsForResourcePagesWithContext same as ListTagsForResourcePages except 12131 // it takes a Context and allows setting request options on the pages. 12132 // 12133 // The context must be non-nil and will be used for request cancellation. If 12134 // the context is nil a panic will occur. In the future the SDK may create 12135 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 12136 // for more information on using Contexts. 12137 func (c *Organizations) ListTagsForResourcePagesWithContext(ctx aws.Context, input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool, opts ...request.Option) error { 12138 p := request.Pagination{ 12139 NewRequest: func() (*request.Request, error) { 12140 var inCpy *ListTagsForResourceInput 12141 if input != nil { 12142 tmp := *input 12143 inCpy = &tmp 12144 } 12145 req, _ := c.ListTagsForResourceRequest(inCpy) 12146 req.SetContext(ctx) 12147 req.ApplyOptions(opts...) 12148 return req, nil 12149 }, 12150 } 12151 12152 for p.Next() { 12153 if !fn(p.Page().(*ListTagsForResourceOutput), !p.HasNextPage()) { 12154 break 12155 } 12156 } 12157 12158 return p.Err() 12159 } 12160 12161 const opListTargetsForPolicy = "ListTargetsForPolicy" 12162 12163 // ListTargetsForPolicyRequest generates a "aws/request.Request" representing the 12164 // client's request for the ListTargetsForPolicy operation. The "output" return 12165 // value will be populated with the request's response once the request completes 12166 // successfully. 12167 // 12168 // Use "Send" method on the returned Request to send the API call to the service. 12169 // the "output" return value is not valid until after Send returns without error. 12170 // 12171 // See ListTargetsForPolicy for more information on using the ListTargetsForPolicy 12172 // API call, and error handling. 12173 // 12174 // This method is useful when you want to inject custom logic or configuration 12175 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 12176 // 12177 // 12178 // // Example sending a request using the ListTargetsForPolicyRequest method. 12179 // req, resp := client.ListTargetsForPolicyRequest(params) 12180 // 12181 // err := req.Send() 12182 // if err == nil { // resp is now filled 12183 // fmt.Println(resp) 12184 // } 12185 // 12186 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy 12187 func (c *Organizations) ListTargetsForPolicyRequest(input *ListTargetsForPolicyInput) (req *request.Request, output *ListTargetsForPolicyOutput) { 12188 op := &request.Operation{ 12189 Name: opListTargetsForPolicy, 12190 HTTPMethod: "POST", 12191 HTTPPath: "/", 12192 Paginator: &request.Paginator{ 12193 InputTokens: []string{"NextToken"}, 12194 OutputTokens: []string{"NextToken"}, 12195 LimitToken: "MaxResults", 12196 TruncationToken: "", 12197 }, 12198 } 12199 12200 if input == nil { 12201 input = &ListTargetsForPolicyInput{} 12202 } 12203 12204 output = &ListTargetsForPolicyOutput{} 12205 req = c.newRequest(op, input, output) 12206 return 12207 } 12208 12209 // ListTargetsForPolicy API operation for AWS Organizations. 12210 // 12211 // Lists all the roots, organizational units (OUs), and accounts that the specified 12212 // policy is attached to. 12213 // 12214 // Always check the NextToken response parameter for a null value when calling 12215 // a List* operation. These operations can occasionally return an empty set 12216 // of results even when there are more results available. The NextToken response 12217 // parameter value is null only when there are no more results to display. 12218 // 12219 // This operation can be called only from the organization's management account 12220 // or by a member account that is a delegated administrator for an AWS service. 12221 // 12222 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 12223 // with awserr.Error's Code and Message methods to get detailed information about 12224 // the error. 12225 // 12226 // See the AWS API reference guide for AWS Organizations's 12227 // API operation ListTargetsForPolicy for usage and error information. 12228 // 12229 // Returned Error Types: 12230 // * AccessDeniedException 12231 // You don't have permissions to perform the requested operation. The user or 12232 // role that is making the request must have at least one IAM permissions policy 12233 // attached that grants the required permissions. For more information, see 12234 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 12235 // in the IAM User Guide. 12236 // 12237 // * AWSOrganizationsNotInUseException 12238 // Your account isn't a member of an organization. To make this request, you 12239 // must use the credentials of an account that belongs to an organization. 12240 // 12241 // * InvalidInputException 12242 // The requested operation failed because you provided invalid values for one 12243 // or more of the request parameters. This exception includes a reason that 12244 // contains additional information about the violated limit: 12245 // 12246 // Some of the reasons in the following list might not be applicable to this 12247 // specific API or operation. 12248 // 12249 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 12250 // the same entity. 12251 // 12252 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 12253 // can't be modified. 12254 // 12255 // * INPUT_REQUIRED: You must include a value for all required parameters. 12256 // 12257 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 12258 // for the invited account owner. 12259 // 12260 // * INVALID_ENUM: You specified an invalid value. 12261 // 12262 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 12263 // 12264 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 12265 // characters. 12266 // 12267 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 12268 // at least one invalid value. 12269 // 12270 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 12271 // from the response to a previous call of the operation. 12272 // 12273 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 12274 // organization, or email) as a party. 12275 // 12276 // * INVALID_PATTERN: You provided a value that doesn't match the required 12277 // pattern. 12278 // 12279 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 12280 // match the required pattern. 12281 // 12282 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 12283 // name can't begin with the reserved prefix AWSServiceRoleFor. 12284 // 12285 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 12286 // Name (ARN) for the organization. 12287 // 12288 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 12289 // 12290 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 12291 // tag. You can’t add, edit, or delete system tag keys because they're 12292 // reserved for AWS use. System tags don’t count against your tags per 12293 // resource limit. 12294 // 12295 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 12296 // for the operation. 12297 // 12298 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 12299 // than allowed. 12300 // 12301 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 12302 // value than allowed. 12303 // 12304 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 12305 // than allowed. 12306 // 12307 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 12308 // value than allowed. 12309 // 12310 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 12311 // between entities in the same root. 12312 // 12313 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 12314 // target entity. 12315 // 12316 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 12317 // isn't recognized. 12318 // 12319 // * PolicyNotFoundException 12320 // We can't find a policy with the PolicyId that you specified. 12321 // 12322 // * ServiceException 12323 // AWS Organizations can't complete your request because of an internal service 12324 // error. Try again later. 12325 // 12326 // * TooManyRequestsException 12327 // You have sent too many requests in too short a period of time. The quota 12328 // helps protect against denial-of-service attacks. Try again later. 12329 // 12330 // For information about quotas that affect AWS Organizations, see Quotas for 12331 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 12332 // the AWS Organizations User Guide. 12333 // 12334 // * UnsupportedAPIEndpointException 12335 // This action isn't available in the current AWS Region. 12336 // 12337 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy 12338 func (c *Organizations) ListTargetsForPolicy(input *ListTargetsForPolicyInput) (*ListTargetsForPolicyOutput, error) { 12339 req, out := c.ListTargetsForPolicyRequest(input) 12340 return out, req.Send() 12341 } 12342 12343 // ListTargetsForPolicyWithContext is the same as ListTargetsForPolicy with the addition of 12344 // the ability to pass a context and additional request options. 12345 // 12346 // See ListTargetsForPolicy for details on how to use this API operation. 12347 // 12348 // The context must be non-nil and will be used for request cancellation. If 12349 // the context is nil a panic will occur. In the future the SDK may create 12350 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 12351 // for more information on using Contexts. 12352 func (c *Organizations) ListTargetsForPolicyWithContext(ctx aws.Context, input *ListTargetsForPolicyInput, opts ...request.Option) (*ListTargetsForPolicyOutput, error) { 12353 req, out := c.ListTargetsForPolicyRequest(input) 12354 req.SetContext(ctx) 12355 req.ApplyOptions(opts...) 12356 return out, req.Send() 12357 } 12358 12359 // ListTargetsForPolicyPages iterates over the pages of a ListTargetsForPolicy operation, 12360 // calling the "fn" function with the response data for each page. To stop 12361 // iterating, return false from the fn function. 12362 // 12363 // See ListTargetsForPolicy method for more information on how to use this operation. 12364 // 12365 // Note: This operation can generate multiple requests to a service. 12366 // 12367 // // Example iterating over at most 3 pages of a ListTargetsForPolicy operation. 12368 // pageNum := 0 12369 // err := client.ListTargetsForPolicyPages(params, 12370 // func(page *organizations.ListTargetsForPolicyOutput, lastPage bool) bool { 12371 // pageNum++ 12372 // fmt.Println(page) 12373 // return pageNum <= 3 12374 // }) 12375 // 12376 func (c *Organizations) ListTargetsForPolicyPages(input *ListTargetsForPolicyInput, fn func(*ListTargetsForPolicyOutput, bool) bool) error { 12377 return c.ListTargetsForPolicyPagesWithContext(aws.BackgroundContext(), input, fn) 12378 } 12379 12380 // ListTargetsForPolicyPagesWithContext same as ListTargetsForPolicyPages except 12381 // it takes a Context and allows setting request options on the pages. 12382 // 12383 // The context must be non-nil and will be used for request cancellation. If 12384 // the context is nil a panic will occur. In the future the SDK may create 12385 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 12386 // for more information on using Contexts. 12387 func (c *Organizations) ListTargetsForPolicyPagesWithContext(ctx aws.Context, input *ListTargetsForPolicyInput, fn func(*ListTargetsForPolicyOutput, bool) bool, opts ...request.Option) error { 12388 p := request.Pagination{ 12389 NewRequest: func() (*request.Request, error) { 12390 var inCpy *ListTargetsForPolicyInput 12391 if input != nil { 12392 tmp := *input 12393 inCpy = &tmp 12394 } 12395 req, _ := c.ListTargetsForPolicyRequest(inCpy) 12396 req.SetContext(ctx) 12397 req.ApplyOptions(opts...) 12398 return req, nil 12399 }, 12400 } 12401 12402 for p.Next() { 12403 if !fn(p.Page().(*ListTargetsForPolicyOutput), !p.HasNextPage()) { 12404 break 12405 } 12406 } 12407 12408 return p.Err() 12409 } 12410 12411 const opMoveAccount = "MoveAccount" 12412 12413 // MoveAccountRequest generates a "aws/request.Request" representing the 12414 // client's request for the MoveAccount operation. The "output" return 12415 // value will be populated with the request's response once the request completes 12416 // successfully. 12417 // 12418 // Use "Send" method on the returned Request to send the API call to the service. 12419 // the "output" return value is not valid until after Send returns without error. 12420 // 12421 // See MoveAccount for more information on using the MoveAccount 12422 // API call, and error handling. 12423 // 12424 // This method is useful when you want to inject custom logic or configuration 12425 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 12426 // 12427 // 12428 // // Example sending a request using the MoveAccountRequest method. 12429 // req, resp := client.MoveAccountRequest(params) 12430 // 12431 // err := req.Send() 12432 // if err == nil { // resp is now filled 12433 // fmt.Println(resp) 12434 // } 12435 // 12436 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount 12437 func (c *Organizations) MoveAccountRequest(input *MoveAccountInput) (req *request.Request, output *MoveAccountOutput) { 12438 op := &request.Operation{ 12439 Name: opMoveAccount, 12440 HTTPMethod: "POST", 12441 HTTPPath: "/", 12442 } 12443 12444 if input == nil { 12445 input = &MoveAccountInput{} 12446 } 12447 12448 output = &MoveAccountOutput{} 12449 req = c.newRequest(op, input, output) 12450 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 12451 return 12452 } 12453 12454 // MoveAccount API operation for AWS Organizations. 12455 // 12456 // Moves an account from its current source parent root or organizational unit 12457 // (OU) to the specified destination parent root or OU. 12458 // 12459 // This operation can be called only from the organization's management account. 12460 // 12461 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 12462 // with awserr.Error's Code and Message methods to get detailed information about 12463 // the error. 12464 // 12465 // See the AWS API reference guide for AWS Organizations's 12466 // API operation MoveAccount for usage and error information. 12467 // 12468 // Returned Error Types: 12469 // * AccessDeniedException 12470 // You don't have permissions to perform the requested operation. The user or 12471 // role that is making the request must have at least one IAM permissions policy 12472 // attached that grants the required permissions. For more information, see 12473 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 12474 // in the IAM User Guide. 12475 // 12476 // * InvalidInputException 12477 // The requested operation failed because you provided invalid values for one 12478 // or more of the request parameters. This exception includes a reason that 12479 // contains additional information about the violated limit: 12480 // 12481 // Some of the reasons in the following list might not be applicable to this 12482 // specific API or operation. 12483 // 12484 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 12485 // the same entity. 12486 // 12487 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 12488 // can't be modified. 12489 // 12490 // * INPUT_REQUIRED: You must include a value for all required parameters. 12491 // 12492 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 12493 // for the invited account owner. 12494 // 12495 // * INVALID_ENUM: You specified an invalid value. 12496 // 12497 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 12498 // 12499 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 12500 // characters. 12501 // 12502 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 12503 // at least one invalid value. 12504 // 12505 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 12506 // from the response to a previous call of the operation. 12507 // 12508 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 12509 // organization, or email) as a party. 12510 // 12511 // * INVALID_PATTERN: You provided a value that doesn't match the required 12512 // pattern. 12513 // 12514 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 12515 // match the required pattern. 12516 // 12517 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 12518 // name can't begin with the reserved prefix AWSServiceRoleFor. 12519 // 12520 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 12521 // Name (ARN) for the organization. 12522 // 12523 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 12524 // 12525 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 12526 // tag. You can’t add, edit, or delete system tag keys because they're 12527 // reserved for AWS use. System tags don’t count against your tags per 12528 // resource limit. 12529 // 12530 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 12531 // for the operation. 12532 // 12533 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 12534 // than allowed. 12535 // 12536 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 12537 // value than allowed. 12538 // 12539 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 12540 // than allowed. 12541 // 12542 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 12543 // value than allowed. 12544 // 12545 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 12546 // between entities in the same root. 12547 // 12548 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 12549 // target entity. 12550 // 12551 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 12552 // isn't recognized. 12553 // 12554 // * SourceParentNotFoundException 12555 // We can't find a source root or OU with the ParentId that you specified. 12556 // 12557 // * DestinationParentNotFoundException 12558 // We can't find the destination container (a root or OU) with the ParentId 12559 // that you specified. 12560 // 12561 // * DuplicateAccountException 12562 // That account is already present in the specified destination. 12563 // 12564 // * AccountNotFoundException 12565 // We can't find an AWS account with the AccountId that you specified, or the 12566 // account whose credentials you used to make this request isn't a member of 12567 // an organization. 12568 // 12569 // * TooManyRequestsException 12570 // You have sent too many requests in too short a period of time. The quota 12571 // helps protect against denial-of-service attacks. Try again later. 12572 // 12573 // For information about quotas that affect AWS Organizations, see Quotas for 12574 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 12575 // the AWS Organizations User Guide. 12576 // 12577 // * ConcurrentModificationException 12578 // The target of the operation is currently being modified by a different request. 12579 // Try again later. 12580 // 12581 // * AWSOrganizationsNotInUseException 12582 // Your account isn't a member of an organization. To make this request, you 12583 // must use the credentials of an account that belongs to an organization. 12584 // 12585 // * ServiceException 12586 // AWS Organizations can't complete your request because of an internal service 12587 // error. Try again later. 12588 // 12589 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount 12590 func (c *Organizations) MoveAccount(input *MoveAccountInput) (*MoveAccountOutput, error) { 12591 req, out := c.MoveAccountRequest(input) 12592 return out, req.Send() 12593 } 12594 12595 // MoveAccountWithContext is the same as MoveAccount with the addition of 12596 // the ability to pass a context and additional request options. 12597 // 12598 // See MoveAccount for details on how to use this API operation. 12599 // 12600 // The context must be non-nil and will be used for request cancellation. If 12601 // the context is nil a panic will occur. In the future the SDK may create 12602 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 12603 // for more information on using Contexts. 12604 func (c *Organizations) MoveAccountWithContext(ctx aws.Context, input *MoveAccountInput, opts ...request.Option) (*MoveAccountOutput, error) { 12605 req, out := c.MoveAccountRequest(input) 12606 req.SetContext(ctx) 12607 req.ApplyOptions(opts...) 12608 return out, req.Send() 12609 } 12610 12611 const opRegisterDelegatedAdministrator = "RegisterDelegatedAdministrator" 12612 12613 // RegisterDelegatedAdministratorRequest generates a "aws/request.Request" representing the 12614 // client's request for the RegisterDelegatedAdministrator operation. The "output" return 12615 // value will be populated with the request's response once the request completes 12616 // successfully. 12617 // 12618 // Use "Send" method on the returned Request to send the API call to the service. 12619 // the "output" return value is not valid until after Send returns without error. 12620 // 12621 // See RegisterDelegatedAdministrator for more information on using the RegisterDelegatedAdministrator 12622 // API call, and error handling. 12623 // 12624 // This method is useful when you want to inject custom logic or configuration 12625 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 12626 // 12627 // 12628 // // Example sending a request using the RegisterDelegatedAdministratorRequest method. 12629 // req, resp := client.RegisterDelegatedAdministratorRequest(params) 12630 // 12631 // err := req.Send() 12632 // if err == nil { // resp is now filled 12633 // fmt.Println(resp) 12634 // } 12635 // 12636 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RegisterDelegatedAdministrator 12637 func (c *Organizations) RegisterDelegatedAdministratorRequest(input *RegisterDelegatedAdministratorInput) (req *request.Request, output *RegisterDelegatedAdministratorOutput) { 12638 op := &request.Operation{ 12639 Name: opRegisterDelegatedAdministrator, 12640 HTTPMethod: "POST", 12641 HTTPPath: "/", 12642 } 12643 12644 if input == nil { 12645 input = &RegisterDelegatedAdministratorInput{} 12646 } 12647 12648 output = &RegisterDelegatedAdministratorOutput{} 12649 req = c.newRequest(op, input, output) 12650 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 12651 return 12652 } 12653 12654 // RegisterDelegatedAdministrator API operation for AWS Organizations. 12655 // 12656 // Enables the specified member account to administer the Organizations features 12657 // of the specified AWS service. It grants read-only access to AWS Organizations 12658 // service data. The account still requires IAM permissions to access and administer 12659 // the AWS service. 12660 // 12661 // You can run this action only for AWS services that support this feature. 12662 // For a current list of services that support it, see the column Supports Delegated 12663 // Administrator in the table at AWS Services that you can use with AWS Organizations 12664 // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html) 12665 // in the AWS Organizations User Guide. 12666 // 12667 // This operation can be called only from the organization's management account. 12668 // 12669 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 12670 // with awserr.Error's Code and Message methods to get detailed information about 12671 // the error. 12672 // 12673 // See the AWS API reference guide for AWS Organizations's 12674 // API operation RegisterDelegatedAdministrator for usage and error information. 12675 // 12676 // Returned Error Types: 12677 // * AccessDeniedException 12678 // You don't have permissions to perform the requested operation. The user or 12679 // role that is making the request must have at least one IAM permissions policy 12680 // attached that grants the required permissions. For more information, see 12681 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 12682 // in the IAM User Guide. 12683 // 12684 // * AccountAlreadyRegisteredException 12685 // The specified account is already a delegated administrator for this AWS service. 12686 // 12687 // * AccountNotFoundException 12688 // We can't find an AWS account with the AccountId that you specified, or the 12689 // account whose credentials you used to make this request isn't a member of 12690 // an organization. 12691 // 12692 // * AWSOrganizationsNotInUseException 12693 // Your account isn't a member of an organization. To make this request, you 12694 // must use the credentials of an account that belongs to an organization. 12695 // 12696 // * ConcurrentModificationException 12697 // The target of the operation is currently being modified by a different request. 12698 // Try again later. 12699 // 12700 // * ConstraintViolationException 12701 // Performing this operation violates a minimum or maximum value limit. For 12702 // example, attempting to remove the last service control policy (SCP) from 12703 // an OU or root, inviting or creating too many accounts to the organization, 12704 // or attaching too many policies to an account, OU, or root. This exception 12705 // includes a reason that contains additional information about the violated 12706 // limit: 12707 // 12708 // Some of the reasons in the following list might not be applicable to this 12709 // specific API or operation. 12710 // 12711 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 12712 // account from the organization. You can't remove the management account. 12713 // Instead, after you remove all member accounts, delete the organization 12714 // itself. 12715 // 12716 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 12717 // from the organization that doesn't yet have enough information to exist 12718 // as a standalone account. This account requires you to first agree to the 12719 // AWS Customer Agreement. Follow the steps at Removing a member account 12720 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 12721 // the AWS Organizations User Guide. 12722 // 12723 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 12724 // an account from the organization that doesn't yet have enough information 12725 // to exist as a standalone account. This account requires you to first complete 12726 // phone verification. Follow the steps at Removing a member account from 12727 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 12728 // in the AWS Organizations User Guide. 12729 // 12730 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 12731 // of accounts that you can create in one day. 12732 // 12733 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 12734 // the number of accounts in an organization. If you need more accounts, 12735 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 12736 // request an increase in your limit. Or the number of invitations that you 12737 // tried to send would cause you to exceed the limit of accounts in your 12738 // organization. Send fewer invitations or contact AWS Support to request 12739 // an increase in the number of accounts. Deleted and closed accounts still 12740 // count toward your limit. If you get this exception when running a command 12741 // immediately after creating the organization, wait one hour and try again. 12742 // After an hour, if the command continues to fail with this error, contact 12743 // AWS Support (https://console.aws.amazon.com/support/home#/). 12744 // 12745 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 12746 // register the management account of the organization as a delegated administrator 12747 // for an AWS service integrated with Organizations. You can designate only 12748 // a member account as a delegated administrator. 12749 // 12750 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 12751 // an account that is registered as a delegated administrator for a service 12752 // integrated with your organization. To complete this operation, you must 12753 // first deregister this account as a delegated administrator. 12754 // 12755 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 12756 // organization in the specified region, you must enable all features mode. 12757 // 12758 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 12759 // an AWS account as a delegated administrator for an AWS service that already 12760 // has a delegated administrator. To complete this operation, you must first 12761 // deregister any existing delegated administrators for this service. 12762 // 12763 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 12764 // valid for a limited period of time. You must resubmit the request and 12765 // generate a new verfication code. 12766 // 12767 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 12768 // handshakes that you can send in one day. 12769 // 12770 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 12771 // in this organization, you first must migrate the organization's management 12772 // account to the marketplace that corresponds to the management account's 12773 // address. For example, accounts with India addresses must be associated 12774 // with the AISPL marketplace. All accounts in an organization must be associated 12775 // with the same marketplace. 12776 // 12777 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 12778 // in China. To create an organization, the master must have a valid business 12779 // license. For more information, contact customer support. 12780 // 12781 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 12782 // must first provide a valid contact address and phone number for the management 12783 // account. Then try the operation again. 12784 // 12785 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 12786 // management account must have an associated account in the AWS GovCloud 12787 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 12788 // in the AWS GovCloud User Guide. 12789 // 12790 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 12791 // with this management account, you first must associate a valid payment 12792 // instrument, such as a credit card, with the account. Follow the steps 12793 // at To leave an organization when all required account information has 12794 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 12795 // in the AWS Organizations User Guide. 12796 // 12797 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 12798 // to register more delegated administrators than allowed for the service 12799 // principal. 12800 // 12801 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 12802 // number of policies of a certain type that can be attached to an entity 12803 // at one time. 12804 // 12805 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 12806 // on this resource. 12807 // 12808 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 12809 // with this member account, you first must associate a valid payment instrument, 12810 // such as a credit card, with the account. Follow the steps at To leave 12811 // an organization when all required account information has not yet been 12812 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 12813 // in the AWS Organizations User Guide. 12814 // 12815 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 12816 // policy from an entity that would cause the entity to have fewer than the 12817 // minimum number of policies of a certain type required. 12818 // 12819 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 12820 // that requires the organization to be configured to support all features. 12821 // An organization that supports only consolidated billing features can't 12822 // perform this operation. 12823 // 12824 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 12825 // too many levels deep. 12826 // 12827 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 12828 // that you can have in an organization. 12829 // 12830 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 12831 // is larger than the maximum size. 12832 // 12833 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 12834 // policies that you can have in an organization. 12835 // 12836 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 12837 // tags that are not compliant with the tag policy requirements for this 12838 // account. 12839 // 12840 // * InvalidInputException 12841 // The requested operation failed because you provided invalid values for one 12842 // or more of the request parameters. This exception includes a reason that 12843 // contains additional information about the violated limit: 12844 // 12845 // Some of the reasons in the following list might not be applicable to this 12846 // specific API or operation. 12847 // 12848 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 12849 // the same entity. 12850 // 12851 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 12852 // can't be modified. 12853 // 12854 // * INPUT_REQUIRED: You must include a value for all required parameters. 12855 // 12856 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 12857 // for the invited account owner. 12858 // 12859 // * INVALID_ENUM: You specified an invalid value. 12860 // 12861 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 12862 // 12863 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 12864 // characters. 12865 // 12866 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 12867 // at least one invalid value. 12868 // 12869 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 12870 // from the response to a previous call of the operation. 12871 // 12872 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 12873 // organization, or email) as a party. 12874 // 12875 // * INVALID_PATTERN: You provided a value that doesn't match the required 12876 // pattern. 12877 // 12878 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 12879 // match the required pattern. 12880 // 12881 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 12882 // name can't begin with the reserved prefix AWSServiceRoleFor. 12883 // 12884 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 12885 // Name (ARN) for the organization. 12886 // 12887 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 12888 // 12889 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 12890 // tag. You can’t add, edit, or delete system tag keys because they're 12891 // reserved for AWS use. System tags don’t count against your tags per 12892 // resource limit. 12893 // 12894 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 12895 // for the operation. 12896 // 12897 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 12898 // than allowed. 12899 // 12900 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 12901 // value than allowed. 12902 // 12903 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 12904 // than allowed. 12905 // 12906 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 12907 // value than allowed. 12908 // 12909 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 12910 // between entities in the same root. 12911 // 12912 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 12913 // target entity. 12914 // 12915 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 12916 // isn't recognized. 12917 // 12918 // * TooManyRequestsException 12919 // You have sent too many requests in too short a period of time. The quota 12920 // helps protect against denial-of-service attacks. Try again later. 12921 // 12922 // For information about quotas that affect AWS Organizations, see Quotas for 12923 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 12924 // the AWS Organizations User Guide. 12925 // 12926 // * ServiceException 12927 // AWS Organizations can't complete your request because of an internal service 12928 // error. Try again later. 12929 // 12930 // * UnsupportedAPIEndpointException 12931 // This action isn't available in the current AWS Region. 12932 // 12933 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RegisterDelegatedAdministrator 12934 func (c *Organizations) RegisterDelegatedAdministrator(input *RegisterDelegatedAdministratorInput) (*RegisterDelegatedAdministratorOutput, error) { 12935 req, out := c.RegisterDelegatedAdministratorRequest(input) 12936 return out, req.Send() 12937 } 12938 12939 // RegisterDelegatedAdministratorWithContext is the same as RegisterDelegatedAdministrator with the addition of 12940 // the ability to pass a context and additional request options. 12941 // 12942 // See RegisterDelegatedAdministrator for details on how to use this API operation. 12943 // 12944 // The context must be non-nil and will be used for request cancellation. If 12945 // the context is nil a panic will occur. In the future the SDK may create 12946 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 12947 // for more information on using Contexts. 12948 func (c *Organizations) RegisterDelegatedAdministratorWithContext(ctx aws.Context, input *RegisterDelegatedAdministratorInput, opts ...request.Option) (*RegisterDelegatedAdministratorOutput, error) { 12949 req, out := c.RegisterDelegatedAdministratorRequest(input) 12950 req.SetContext(ctx) 12951 req.ApplyOptions(opts...) 12952 return out, req.Send() 12953 } 12954 12955 const opRemoveAccountFromOrganization = "RemoveAccountFromOrganization" 12956 12957 // RemoveAccountFromOrganizationRequest generates a "aws/request.Request" representing the 12958 // client's request for the RemoveAccountFromOrganization operation. The "output" return 12959 // value will be populated with the request's response once the request completes 12960 // successfully. 12961 // 12962 // Use "Send" method on the returned Request to send the API call to the service. 12963 // the "output" return value is not valid until after Send returns without error. 12964 // 12965 // See RemoveAccountFromOrganization for more information on using the RemoveAccountFromOrganization 12966 // API call, and error handling. 12967 // 12968 // This method is useful when you want to inject custom logic or configuration 12969 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 12970 // 12971 // 12972 // // Example sending a request using the RemoveAccountFromOrganizationRequest method. 12973 // req, resp := client.RemoveAccountFromOrganizationRequest(params) 12974 // 12975 // err := req.Send() 12976 // if err == nil { // resp is now filled 12977 // fmt.Println(resp) 12978 // } 12979 // 12980 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization 12981 func (c *Organizations) RemoveAccountFromOrganizationRequest(input *RemoveAccountFromOrganizationInput) (req *request.Request, output *RemoveAccountFromOrganizationOutput) { 12982 op := &request.Operation{ 12983 Name: opRemoveAccountFromOrganization, 12984 HTTPMethod: "POST", 12985 HTTPPath: "/", 12986 } 12987 12988 if input == nil { 12989 input = &RemoveAccountFromOrganizationInput{} 12990 } 12991 12992 output = &RemoveAccountFromOrganizationOutput{} 12993 req = c.newRequest(op, input, output) 12994 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 12995 return 12996 } 12997 12998 // RemoveAccountFromOrganization API operation for AWS Organizations. 12999 // 13000 // Removes the specified account from the organization. 13001 // 13002 // The removed account becomes a standalone account that isn't a member of any 13003 // organization. It's no longer subject to any policies and is responsible for 13004 // its own bill payments. The organization's management account is no longer 13005 // charged for any expenses accrued by the member account after it's removed 13006 // from the organization. 13007 // 13008 // This operation can be called only from the organization's management account. 13009 // Member accounts can remove themselves with LeaveOrganization instead. 13010 // 13011 // * You can remove an account from your organization only if the account 13012 // is configured with the information required to operate as a standalone 13013 // account. When you create an account in an organization using the AWS Organizations 13014 // console, API, or CLI commands, the information required of standalone 13015 // accounts is not automatically collected. For an account that you want 13016 // to make standalone, you must choose a support plan, provide and verify 13017 // the required contact information, and provide a current payment method. 13018 // AWS uses the payment method to charge for any billable (not free tier) 13019 // AWS activity that occurs while the account isn't attached to an organization. 13020 // To remove an account that doesn't yet have this information, you must 13021 // sign in as the member account and follow the steps at To leave an organization 13022 // when all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 13023 // in the AWS Organizations User Guide. 13024 // 13025 // * The account that you want to leave must not be a delegated administrator 13026 // account for any AWS service enabled for your organization. If the account 13027 // is a delegated administrator, you must first change the delegated administrator 13028 // account to another account that is remaining in the organization. 13029 // 13030 // * After the account leaves the organization, all tags that were attached 13031 // to the account object in the organization are deleted. AWS accounts outside 13032 // of an organization do not support tags. 13033 // 13034 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 13035 // with awserr.Error's Code and Message methods to get detailed information about 13036 // the error. 13037 // 13038 // See the AWS API reference guide for AWS Organizations's 13039 // API operation RemoveAccountFromOrganization for usage and error information. 13040 // 13041 // Returned Error Types: 13042 // * AccessDeniedException 13043 // You don't have permissions to perform the requested operation. The user or 13044 // role that is making the request must have at least one IAM permissions policy 13045 // attached that grants the required permissions. For more information, see 13046 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 13047 // in the IAM User Guide. 13048 // 13049 // * AccountNotFoundException 13050 // We can't find an AWS account with the AccountId that you specified, or the 13051 // account whose credentials you used to make this request isn't a member of 13052 // an organization. 13053 // 13054 // * AWSOrganizationsNotInUseException 13055 // Your account isn't a member of an organization. To make this request, you 13056 // must use the credentials of an account that belongs to an organization. 13057 // 13058 // * ConcurrentModificationException 13059 // The target of the operation is currently being modified by a different request. 13060 // Try again later. 13061 // 13062 // * ConstraintViolationException 13063 // Performing this operation violates a minimum or maximum value limit. For 13064 // example, attempting to remove the last service control policy (SCP) from 13065 // an OU or root, inviting or creating too many accounts to the organization, 13066 // or attaching too many policies to an account, OU, or root. This exception 13067 // includes a reason that contains additional information about the violated 13068 // limit: 13069 // 13070 // Some of the reasons in the following list might not be applicable to this 13071 // specific API or operation. 13072 // 13073 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 13074 // account from the organization. You can't remove the management account. 13075 // Instead, after you remove all member accounts, delete the organization 13076 // itself. 13077 // 13078 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 13079 // from the organization that doesn't yet have enough information to exist 13080 // as a standalone account. This account requires you to first agree to the 13081 // AWS Customer Agreement. Follow the steps at Removing a member account 13082 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 13083 // the AWS Organizations User Guide. 13084 // 13085 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 13086 // an account from the organization that doesn't yet have enough information 13087 // to exist as a standalone account. This account requires you to first complete 13088 // phone verification. Follow the steps at Removing a member account from 13089 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 13090 // in the AWS Organizations User Guide. 13091 // 13092 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 13093 // of accounts that you can create in one day. 13094 // 13095 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 13096 // the number of accounts in an organization. If you need more accounts, 13097 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 13098 // request an increase in your limit. Or the number of invitations that you 13099 // tried to send would cause you to exceed the limit of accounts in your 13100 // organization. Send fewer invitations or contact AWS Support to request 13101 // an increase in the number of accounts. Deleted and closed accounts still 13102 // count toward your limit. If you get this exception when running a command 13103 // immediately after creating the organization, wait one hour and try again. 13104 // After an hour, if the command continues to fail with this error, contact 13105 // AWS Support (https://console.aws.amazon.com/support/home#/). 13106 // 13107 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 13108 // register the management account of the organization as a delegated administrator 13109 // for an AWS service integrated with Organizations. You can designate only 13110 // a member account as a delegated administrator. 13111 // 13112 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 13113 // an account that is registered as a delegated administrator for a service 13114 // integrated with your organization. To complete this operation, you must 13115 // first deregister this account as a delegated administrator. 13116 // 13117 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 13118 // organization in the specified region, you must enable all features mode. 13119 // 13120 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 13121 // an AWS account as a delegated administrator for an AWS service that already 13122 // has a delegated administrator. To complete this operation, you must first 13123 // deregister any existing delegated administrators for this service. 13124 // 13125 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 13126 // valid for a limited period of time. You must resubmit the request and 13127 // generate a new verfication code. 13128 // 13129 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 13130 // handshakes that you can send in one day. 13131 // 13132 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 13133 // in this organization, you first must migrate the organization's management 13134 // account to the marketplace that corresponds to the management account's 13135 // address. For example, accounts with India addresses must be associated 13136 // with the AISPL marketplace. All accounts in an organization must be associated 13137 // with the same marketplace. 13138 // 13139 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 13140 // in China. To create an organization, the master must have a valid business 13141 // license. For more information, contact customer support. 13142 // 13143 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 13144 // must first provide a valid contact address and phone number for the management 13145 // account. Then try the operation again. 13146 // 13147 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 13148 // management account must have an associated account in the AWS GovCloud 13149 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 13150 // in the AWS GovCloud User Guide. 13151 // 13152 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 13153 // with this management account, you first must associate a valid payment 13154 // instrument, such as a credit card, with the account. Follow the steps 13155 // at To leave an organization when all required account information has 13156 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 13157 // in the AWS Organizations User Guide. 13158 // 13159 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 13160 // to register more delegated administrators than allowed for the service 13161 // principal. 13162 // 13163 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 13164 // number of policies of a certain type that can be attached to an entity 13165 // at one time. 13166 // 13167 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 13168 // on this resource. 13169 // 13170 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 13171 // with this member account, you first must associate a valid payment instrument, 13172 // such as a credit card, with the account. Follow the steps at To leave 13173 // an organization when all required account information has not yet been 13174 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 13175 // in the AWS Organizations User Guide. 13176 // 13177 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 13178 // policy from an entity that would cause the entity to have fewer than the 13179 // minimum number of policies of a certain type required. 13180 // 13181 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 13182 // that requires the organization to be configured to support all features. 13183 // An organization that supports only consolidated billing features can't 13184 // perform this operation. 13185 // 13186 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 13187 // too many levels deep. 13188 // 13189 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 13190 // that you can have in an organization. 13191 // 13192 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 13193 // is larger than the maximum size. 13194 // 13195 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 13196 // policies that you can have in an organization. 13197 // 13198 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 13199 // tags that are not compliant with the tag policy requirements for this 13200 // account. 13201 // 13202 // * InvalidInputException 13203 // The requested operation failed because you provided invalid values for one 13204 // or more of the request parameters. This exception includes a reason that 13205 // contains additional information about the violated limit: 13206 // 13207 // Some of the reasons in the following list might not be applicable to this 13208 // specific API or operation. 13209 // 13210 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 13211 // the same entity. 13212 // 13213 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 13214 // can't be modified. 13215 // 13216 // * INPUT_REQUIRED: You must include a value for all required parameters. 13217 // 13218 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 13219 // for the invited account owner. 13220 // 13221 // * INVALID_ENUM: You specified an invalid value. 13222 // 13223 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 13224 // 13225 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 13226 // characters. 13227 // 13228 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 13229 // at least one invalid value. 13230 // 13231 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 13232 // from the response to a previous call of the operation. 13233 // 13234 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 13235 // organization, or email) as a party. 13236 // 13237 // * INVALID_PATTERN: You provided a value that doesn't match the required 13238 // pattern. 13239 // 13240 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 13241 // match the required pattern. 13242 // 13243 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 13244 // name can't begin with the reserved prefix AWSServiceRoleFor. 13245 // 13246 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 13247 // Name (ARN) for the organization. 13248 // 13249 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 13250 // 13251 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 13252 // tag. You can’t add, edit, or delete system tag keys because they're 13253 // reserved for AWS use. System tags don’t count against your tags per 13254 // resource limit. 13255 // 13256 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 13257 // for the operation. 13258 // 13259 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 13260 // than allowed. 13261 // 13262 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 13263 // value than allowed. 13264 // 13265 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 13266 // than allowed. 13267 // 13268 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 13269 // value than allowed. 13270 // 13271 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 13272 // between entities in the same root. 13273 // 13274 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 13275 // target entity. 13276 // 13277 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 13278 // isn't recognized. 13279 // 13280 // * MasterCannotLeaveOrganizationException 13281 // You can't remove a management account from an organization. If you want the 13282 // management account to become a member account in another organization, you 13283 // must first delete the current organization of the management account. 13284 // 13285 // * ServiceException 13286 // AWS Organizations can't complete your request because of an internal service 13287 // error. Try again later. 13288 // 13289 // * TooManyRequestsException 13290 // You have sent too many requests in too short a period of time. The quota 13291 // helps protect against denial-of-service attacks. Try again later. 13292 // 13293 // For information about quotas that affect AWS Organizations, see Quotas for 13294 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 13295 // the AWS Organizations User Guide. 13296 // 13297 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization 13298 func (c *Organizations) RemoveAccountFromOrganization(input *RemoveAccountFromOrganizationInput) (*RemoveAccountFromOrganizationOutput, error) { 13299 req, out := c.RemoveAccountFromOrganizationRequest(input) 13300 return out, req.Send() 13301 } 13302 13303 // RemoveAccountFromOrganizationWithContext is the same as RemoveAccountFromOrganization with the addition of 13304 // the ability to pass a context and additional request options. 13305 // 13306 // See RemoveAccountFromOrganization for details on how to use this API operation. 13307 // 13308 // The context must be non-nil and will be used for request cancellation. If 13309 // the context is nil a panic will occur. In the future the SDK may create 13310 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 13311 // for more information on using Contexts. 13312 func (c *Organizations) RemoveAccountFromOrganizationWithContext(ctx aws.Context, input *RemoveAccountFromOrganizationInput, opts ...request.Option) (*RemoveAccountFromOrganizationOutput, error) { 13313 req, out := c.RemoveAccountFromOrganizationRequest(input) 13314 req.SetContext(ctx) 13315 req.ApplyOptions(opts...) 13316 return out, req.Send() 13317 } 13318 13319 const opTagResource = "TagResource" 13320 13321 // TagResourceRequest generates a "aws/request.Request" representing the 13322 // client's request for the TagResource operation. The "output" return 13323 // value will be populated with the request's response once the request completes 13324 // successfully. 13325 // 13326 // Use "Send" method on the returned Request to send the API call to the service. 13327 // the "output" return value is not valid until after Send returns without error. 13328 // 13329 // See TagResource for more information on using the TagResource 13330 // API call, and error handling. 13331 // 13332 // This method is useful when you want to inject custom logic or configuration 13333 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 13334 // 13335 // 13336 // // Example sending a request using the TagResourceRequest method. 13337 // req, resp := client.TagResourceRequest(params) 13338 // 13339 // err := req.Send() 13340 // if err == nil { // resp is now filled 13341 // fmt.Println(resp) 13342 // } 13343 // 13344 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResource 13345 func (c *Organizations) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) { 13346 op := &request.Operation{ 13347 Name: opTagResource, 13348 HTTPMethod: "POST", 13349 HTTPPath: "/", 13350 } 13351 13352 if input == nil { 13353 input = &TagResourceInput{} 13354 } 13355 13356 output = &TagResourceOutput{} 13357 req = c.newRequest(op, input, output) 13358 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 13359 return 13360 } 13361 13362 // TagResource API operation for AWS Organizations. 13363 // 13364 // Adds one or more tags to the specified resource. 13365 // 13366 // Currently, you can attach tags to the following resources in AWS Organizations. 13367 // 13368 // * AWS account 13369 // 13370 // * Organization root 13371 // 13372 // * Organizational unit (OU) 13373 // 13374 // * Policy (any type) 13375 // 13376 // This operation can be called only from the organization's management account. 13377 // 13378 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 13379 // with awserr.Error's Code and Message methods to get detailed information about 13380 // the error. 13381 // 13382 // See the AWS API reference guide for AWS Organizations's 13383 // API operation TagResource for usage and error information. 13384 // 13385 // Returned Error Types: 13386 // * AccessDeniedException 13387 // You don't have permissions to perform the requested operation. The user or 13388 // role that is making the request must have at least one IAM permissions policy 13389 // attached that grants the required permissions. For more information, see 13390 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 13391 // in the IAM User Guide. 13392 // 13393 // * ConcurrentModificationException 13394 // The target of the operation is currently being modified by a different request. 13395 // Try again later. 13396 // 13397 // * AWSOrganizationsNotInUseException 13398 // Your account isn't a member of an organization. To make this request, you 13399 // must use the credentials of an account that belongs to an organization. 13400 // 13401 // * TargetNotFoundException 13402 // We can't find a root, OU, account, or policy with the TargetId that you specified. 13403 // 13404 // * ConstraintViolationException 13405 // Performing this operation violates a minimum or maximum value limit. For 13406 // example, attempting to remove the last service control policy (SCP) from 13407 // an OU or root, inviting or creating too many accounts to the organization, 13408 // or attaching too many policies to an account, OU, or root. This exception 13409 // includes a reason that contains additional information about the violated 13410 // limit: 13411 // 13412 // Some of the reasons in the following list might not be applicable to this 13413 // specific API or operation. 13414 // 13415 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 13416 // account from the organization. You can't remove the management account. 13417 // Instead, after you remove all member accounts, delete the organization 13418 // itself. 13419 // 13420 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 13421 // from the organization that doesn't yet have enough information to exist 13422 // as a standalone account. This account requires you to first agree to the 13423 // AWS Customer Agreement. Follow the steps at Removing a member account 13424 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 13425 // the AWS Organizations User Guide. 13426 // 13427 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 13428 // an account from the organization that doesn't yet have enough information 13429 // to exist as a standalone account. This account requires you to first complete 13430 // phone verification. Follow the steps at Removing a member account from 13431 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 13432 // in the AWS Organizations User Guide. 13433 // 13434 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 13435 // of accounts that you can create in one day. 13436 // 13437 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 13438 // the number of accounts in an organization. If you need more accounts, 13439 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 13440 // request an increase in your limit. Or the number of invitations that you 13441 // tried to send would cause you to exceed the limit of accounts in your 13442 // organization. Send fewer invitations or contact AWS Support to request 13443 // an increase in the number of accounts. Deleted and closed accounts still 13444 // count toward your limit. If you get this exception when running a command 13445 // immediately after creating the organization, wait one hour and try again. 13446 // After an hour, if the command continues to fail with this error, contact 13447 // AWS Support (https://console.aws.amazon.com/support/home#/). 13448 // 13449 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 13450 // register the management account of the organization as a delegated administrator 13451 // for an AWS service integrated with Organizations. You can designate only 13452 // a member account as a delegated administrator. 13453 // 13454 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 13455 // an account that is registered as a delegated administrator for a service 13456 // integrated with your organization. To complete this operation, you must 13457 // first deregister this account as a delegated administrator. 13458 // 13459 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 13460 // organization in the specified region, you must enable all features mode. 13461 // 13462 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 13463 // an AWS account as a delegated administrator for an AWS service that already 13464 // has a delegated administrator. To complete this operation, you must first 13465 // deregister any existing delegated administrators for this service. 13466 // 13467 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 13468 // valid for a limited period of time. You must resubmit the request and 13469 // generate a new verfication code. 13470 // 13471 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 13472 // handshakes that you can send in one day. 13473 // 13474 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 13475 // in this organization, you first must migrate the organization's management 13476 // account to the marketplace that corresponds to the management account's 13477 // address. For example, accounts with India addresses must be associated 13478 // with the AISPL marketplace. All accounts in an organization must be associated 13479 // with the same marketplace. 13480 // 13481 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 13482 // in China. To create an organization, the master must have a valid business 13483 // license. For more information, contact customer support. 13484 // 13485 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 13486 // must first provide a valid contact address and phone number for the management 13487 // account. Then try the operation again. 13488 // 13489 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 13490 // management account must have an associated account in the AWS GovCloud 13491 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 13492 // in the AWS GovCloud User Guide. 13493 // 13494 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 13495 // with this management account, you first must associate a valid payment 13496 // instrument, such as a credit card, with the account. Follow the steps 13497 // at To leave an organization when all required account information has 13498 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 13499 // in the AWS Organizations User Guide. 13500 // 13501 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 13502 // to register more delegated administrators than allowed for the service 13503 // principal. 13504 // 13505 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 13506 // number of policies of a certain type that can be attached to an entity 13507 // at one time. 13508 // 13509 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 13510 // on this resource. 13511 // 13512 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 13513 // with this member account, you first must associate a valid payment instrument, 13514 // such as a credit card, with the account. Follow the steps at To leave 13515 // an organization when all required account information has not yet been 13516 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 13517 // in the AWS Organizations User Guide. 13518 // 13519 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 13520 // policy from an entity that would cause the entity to have fewer than the 13521 // minimum number of policies of a certain type required. 13522 // 13523 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 13524 // that requires the organization to be configured to support all features. 13525 // An organization that supports only consolidated billing features can't 13526 // perform this operation. 13527 // 13528 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 13529 // too many levels deep. 13530 // 13531 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 13532 // that you can have in an organization. 13533 // 13534 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 13535 // is larger than the maximum size. 13536 // 13537 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 13538 // policies that you can have in an organization. 13539 // 13540 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 13541 // tags that are not compliant with the tag policy requirements for this 13542 // account. 13543 // 13544 // * InvalidInputException 13545 // The requested operation failed because you provided invalid values for one 13546 // or more of the request parameters. This exception includes a reason that 13547 // contains additional information about the violated limit: 13548 // 13549 // Some of the reasons in the following list might not be applicable to this 13550 // specific API or operation. 13551 // 13552 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 13553 // the same entity. 13554 // 13555 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 13556 // can't be modified. 13557 // 13558 // * INPUT_REQUIRED: You must include a value for all required parameters. 13559 // 13560 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 13561 // for the invited account owner. 13562 // 13563 // * INVALID_ENUM: You specified an invalid value. 13564 // 13565 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 13566 // 13567 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 13568 // characters. 13569 // 13570 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 13571 // at least one invalid value. 13572 // 13573 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 13574 // from the response to a previous call of the operation. 13575 // 13576 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 13577 // organization, or email) as a party. 13578 // 13579 // * INVALID_PATTERN: You provided a value that doesn't match the required 13580 // pattern. 13581 // 13582 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 13583 // match the required pattern. 13584 // 13585 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 13586 // name can't begin with the reserved prefix AWSServiceRoleFor. 13587 // 13588 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 13589 // Name (ARN) for the organization. 13590 // 13591 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 13592 // 13593 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 13594 // tag. You can’t add, edit, or delete system tag keys because they're 13595 // reserved for AWS use. System tags don’t count against your tags per 13596 // resource limit. 13597 // 13598 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 13599 // for the operation. 13600 // 13601 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 13602 // than allowed. 13603 // 13604 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 13605 // value than allowed. 13606 // 13607 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 13608 // than allowed. 13609 // 13610 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 13611 // value than allowed. 13612 // 13613 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 13614 // between entities in the same root. 13615 // 13616 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 13617 // target entity. 13618 // 13619 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 13620 // isn't recognized. 13621 // 13622 // * ServiceException 13623 // AWS Organizations can't complete your request because of an internal service 13624 // error. Try again later. 13625 // 13626 // * TooManyRequestsException 13627 // You have sent too many requests in too short a period of time. The quota 13628 // helps protect against denial-of-service attacks. Try again later. 13629 // 13630 // For information about quotas that affect AWS Organizations, see Quotas for 13631 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 13632 // the AWS Organizations User Guide. 13633 // 13634 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResource 13635 func (c *Organizations) TagResource(input *TagResourceInput) (*TagResourceOutput, error) { 13636 req, out := c.TagResourceRequest(input) 13637 return out, req.Send() 13638 } 13639 13640 // TagResourceWithContext is the same as TagResource with the addition of 13641 // the ability to pass a context and additional request options. 13642 // 13643 // See TagResource for details on how to use this API operation. 13644 // 13645 // The context must be non-nil and will be used for request cancellation. If 13646 // the context is nil a panic will occur. In the future the SDK may create 13647 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 13648 // for more information on using Contexts. 13649 func (c *Organizations) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) { 13650 req, out := c.TagResourceRequest(input) 13651 req.SetContext(ctx) 13652 req.ApplyOptions(opts...) 13653 return out, req.Send() 13654 } 13655 13656 const opUntagResource = "UntagResource" 13657 13658 // UntagResourceRequest generates a "aws/request.Request" representing the 13659 // client's request for the UntagResource operation. The "output" return 13660 // value will be populated with the request's response once the request completes 13661 // successfully. 13662 // 13663 // Use "Send" method on the returned Request to send the API call to the service. 13664 // the "output" return value is not valid until after Send returns without error. 13665 // 13666 // See UntagResource for more information on using the UntagResource 13667 // API call, and error handling. 13668 // 13669 // This method is useful when you want to inject custom logic or configuration 13670 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 13671 // 13672 // 13673 // // Example sending a request using the UntagResourceRequest method. 13674 // req, resp := client.UntagResourceRequest(params) 13675 // 13676 // err := req.Send() 13677 // if err == nil { // resp is now filled 13678 // fmt.Println(resp) 13679 // } 13680 // 13681 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResource 13682 func (c *Organizations) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) { 13683 op := &request.Operation{ 13684 Name: opUntagResource, 13685 HTTPMethod: "POST", 13686 HTTPPath: "/", 13687 } 13688 13689 if input == nil { 13690 input = &UntagResourceInput{} 13691 } 13692 13693 output = &UntagResourceOutput{} 13694 req = c.newRequest(op, input, output) 13695 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 13696 return 13697 } 13698 13699 // UntagResource API operation for AWS Organizations. 13700 // 13701 // Removes any tags with the specified keys from the specified resource. 13702 // 13703 // You can attach tags to the following resources in AWS Organizations. 13704 // 13705 // * AWS account 13706 // 13707 // * Organization root 13708 // 13709 // * Organizational unit (OU) 13710 // 13711 // * Policy (any type) 13712 // 13713 // This operation can be called only from the organization's management account. 13714 // 13715 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 13716 // with awserr.Error's Code and Message methods to get detailed information about 13717 // the error. 13718 // 13719 // See the AWS API reference guide for AWS Organizations's 13720 // API operation UntagResource for usage and error information. 13721 // 13722 // Returned Error Types: 13723 // * AccessDeniedException 13724 // You don't have permissions to perform the requested operation. The user or 13725 // role that is making the request must have at least one IAM permissions policy 13726 // attached that grants the required permissions. For more information, see 13727 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 13728 // in the IAM User Guide. 13729 // 13730 // * ConcurrentModificationException 13731 // The target of the operation is currently being modified by a different request. 13732 // Try again later. 13733 // 13734 // * AWSOrganizationsNotInUseException 13735 // Your account isn't a member of an organization. To make this request, you 13736 // must use the credentials of an account that belongs to an organization. 13737 // 13738 // * TargetNotFoundException 13739 // We can't find a root, OU, account, or policy with the TargetId that you specified. 13740 // 13741 // * ConstraintViolationException 13742 // Performing this operation violates a minimum or maximum value limit. For 13743 // example, attempting to remove the last service control policy (SCP) from 13744 // an OU or root, inviting or creating too many accounts to the organization, 13745 // or attaching too many policies to an account, OU, or root. This exception 13746 // includes a reason that contains additional information about the violated 13747 // limit: 13748 // 13749 // Some of the reasons in the following list might not be applicable to this 13750 // specific API or operation. 13751 // 13752 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 13753 // account from the organization. You can't remove the management account. 13754 // Instead, after you remove all member accounts, delete the organization 13755 // itself. 13756 // 13757 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 13758 // from the organization that doesn't yet have enough information to exist 13759 // as a standalone account. This account requires you to first agree to the 13760 // AWS Customer Agreement. Follow the steps at Removing a member account 13761 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 13762 // the AWS Organizations User Guide. 13763 // 13764 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 13765 // an account from the organization that doesn't yet have enough information 13766 // to exist as a standalone account. This account requires you to first complete 13767 // phone verification. Follow the steps at Removing a member account from 13768 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 13769 // in the AWS Organizations User Guide. 13770 // 13771 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 13772 // of accounts that you can create in one day. 13773 // 13774 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 13775 // the number of accounts in an organization. If you need more accounts, 13776 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 13777 // request an increase in your limit. Or the number of invitations that you 13778 // tried to send would cause you to exceed the limit of accounts in your 13779 // organization. Send fewer invitations or contact AWS Support to request 13780 // an increase in the number of accounts. Deleted and closed accounts still 13781 // count toward your limit. If you get this exception when running a command 13782 // immediately after creating the organization, wait one hour and try again. 13783 // After an hour, if the command continues to fail with this error, contact 13784 // AWS Support (https://console.aws.amazon.com/support/home#/). 13785 // 13786 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 13787 // register the management account of the organization as a delegated administrator 13788 // for an AWS service integrated with Organizations. You can designate only 13789 // a member account as a delegated administrator. 13790 // 13791 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 13792 // an account that is registered as a delegated administrator for a service 13793 // integrated with your organization. To complete this operation, you must 13794 // first deregister this account as a delegated administrator. 13795 // 13796 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 13797 // organization in the specified region, you must enable all features mode. 13798 // 13799 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 13800 // an AWS account as a delegated administrator for an AWS service that already 13801 // has a delegated administrator. To complete this operation, you must first 13802 // deregister any existing delegated administrators for this service. 13803 // 13804 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 13805 // valid for a limited period of time. You must resubmit the request and 13806 // generate a new verfication code. 13807 // 13808 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 13809 // handshakes that you can send in one day. 13810 // 13811 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 13812 // in this organization, you first must migrate the organization's management 13813 // account to the marketplace that corresponds to the management account's 13814 // address. For example, accounts with India addresses must be associated 13815 // with the AISPL marketplace. All accounts in an organization must be associated 13816 // with the same marketplace. 13817 // 13818 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 13819 // in China. To create an organization, the master must have a valid business 13820 // license. For more information, contact customer support. 13821 // 13822 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 13823 // must first provide a valid contact address and phone number for the management 13824 // account. Then try the operation again. 13825 // 13826 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 13827 // management account must have an associated account in the AWS GovCloud 13828 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 13829 // in the AWS GovCloud User Guide. 13830 // 13831 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 13832 // with this management account, you first must associate a valid payment 13833 // instrument, such as a credit card, with the account. Follow the steps 13834 // at To leave an organization when all required account information has 13835 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 13836 // in the AWS Organizations User Guide. 13837 // 13838 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 13839 // to register more delegated administrators than allowed for the service 13840 // principal. 13841 // 13842 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 13843 // number of policies of a certain type that can be attached to an entity 13844 // at one time. 13845 // 13846 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 13847 // on this resource. 13848 // 13849 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 13850 // with this member account, you first must associate a valid payment instrument, 13851 // such as a credit card, with the account. Follow the steps at To leave 13852 // an organization when all required account information has not yet been 13853 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 13854 // in the AWS Organizations User Guide. 13855 // 13856 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 13857 // policy from an entity that would cause the entity to have fewer than the 13858 // minimum number of policies of a certain type required. 13859 // 13860 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 13861 // that requires the organization to be configured to support all features. 13862 // An organization that supports only consolidated billing features can't 13863 // perform this operation. 13864 // 13865 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 13866 // too many levels deep. 13867 // 13868 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 13869 // that you can have in an organization. 13870 // 13871 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 13872 // is larger than the maximum size. 13873 // 13874 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 13875 // policies that you can have in an organization. 13876 // 13877 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 13878 // tags that are not compliant with the tag policy requirements for this 13879 // account. 13880 // 13881 // * InvalidInputException 13882 // The requested operation failed because you provided invalid values for one 13883 // or more of the request parameters. This exception includes a reason that 13884 // contains additional information about the violated limit: 13885 // 13886 // Some of the reasons in the following list might not be applicable to this 13887 // specific API or operation. 13888 // 13889 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 13890 // the same entity. 13891 // 13892 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 13893 // can't be modified. 13894 // 13895 // * INPUT_REQUIRED: You must include a value for all required parameters. 13896 // 13897 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 13898 // for the invited account owner. 13899 // 13900 // * INVALID_ENUM: You specified an invalid value. 13901 // 13902 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 13903 // 13904 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 13905 // characters. 13906 // 13907 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 13908 // at least one invalid value. 13909 // 13910 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 13911 // from the response to a previous call of the operation. 13912 // 13913 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 13914 // organization, or email) as a party. 13915 // 13916 // * INVALID_PATTERN: You provided a value that doesn't match the required 13917 // pattern. 13918 // 13919 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 13920 // match the required pattern. 13921 // 13922 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 13923 // name can't begin with the reserved prefix AWSServiceRoleFor. 13924 // 13925 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 13926 // Name (ARN) for the organization. 13927 // 13928 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 13929 // 13930 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 13931 // tag. You can’t add, edit, or delete system tag keys because they're 13932 // reserved for AWS use. System tags don’t count against your tags per 13933 // resource limit. 13934 // 13935 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 13936 // for the operation. 13937 // 13938 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 13939 // than allowed. 13940 // 13941 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 13942 // value than allowed. 13943 // 13944 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 13945 // than allowed. 13946 // 13947 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 13948 // value than allowed. 13949 // 13950 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 13951 // between entities in the same root. 13952 // 13953 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 13954 // target entity. 13955 // 13956 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 13957 // isn't recognized. 13958 // 13959 // * ServiceException 13960 // AWS Organizations can't complete your request because of an internal service 13961 // error. Try again later. 13962 // 13963 // * TooManyRequestsException 13964 // You have sent too many requests in too short a period of time. The quota 13965 // helps protect against denial-of-service attacks. Try again later. 13966 // 13967 // For information about quotas that affect AWS Organizations, see Quotas for 13968 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 13969 // the AWS Organizations User Guide. 13970 // 13971 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResource 13972 func (c *Organizations) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) { 13973 req, out := c.UntagResourceRequest(input) 13974 return out, req.Send() 13975 } 13976 13977 // UntagResourceWithContext is the same as UntagResource with the addition of 13978 // the ability to pass a context and additional request options. 13979 // 13980 // See UntagResource for details on how to use this API operation. 13981 // 13982 // The context must be non-nil and will be used for request cancellation. If 13983 // the context is nil a panic will occur. In the future the SDK may create 13984 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 13985 // for more information on using Contexts. 13986 func (c *Organizations) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) { 13987 req, out := c.UntagResourceRequest(input) 13988 req.SetContext(ctx) 13989 req.ApplyOptions(opts...) 13990 return out, req.Send() 13991 } 13992 13993 const opUpdateOrganizationalUnit = "UpdateOrganizationalUnit" 13994 13995 // UpdateOrganizationalUnitRequest generates a "aws/request.Request" representing the 13996 // client's request for the UpdateOrganizationalUnit operation. The "output" return 13997 // value will be populated with the request's response once the request completes 13998 // successfully. 13999 // 14000 // Use "Send" method on the returned Request to send the API call to the service. 14001 // the "output" return value is not valid until after Send returns without error. 14002 // 14003 // See UpdateOrganizationalUnit for more information on using the UpdateOrganizationalUnit 14004 // API call, and error handling. 14005 // 14006 // This method is useful when you want to inject custom logic or configuration 14007 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 14008 // 14009 // 14010 // // Example sending a request using the UpdateOrganizationalUnitRequest method. 14011 // req, resp := client.UpdateOrganizationalUnitRequest(params) 14012 // 14013 // err := req.Send() 14014 // if err == nil { // resp is now filled 14015 // fmt.Println(resp) 14016 // } 14017 // 14018 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit 14019 func (c *Organizations) UpdateOrganizationalUnitRequest(input *UpdateOrganizationalUnitInput) (req *request.Request, output *UpdateOrganizationalUnitOutput) { 14020 op := &request.Operation{ 14021 Name: opUpdateOrganizationalUnit, 14022 HTTPMethod: "POST", 14023 HTTPPath: "/", 14024 } 14025 14026 if input == nil { 14027 input = &UpdateOrganizationalUnitInput{} 14028 } 14029 14030 output = &UpdateOrganizationalUnitOutput{} 14031 req = c.newRequest(op, input, output) 14032 return 14033 } 14034 14035 // UpdateOrganizationalUnit API operation for AWS Organizations. 14036 // 14037 // Renames the specified organizational unit (OU). The ID and ARN don't change. 14038 // The child OUs and accounts remain in place, and any attached policies of 14039 // the OU remain attached. 14040 // 14041 // This operation can be called only from the organization's management account. 14042 // 14043 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 14044 // with awserr.Error's Code and Message methods to get detailed information about 14045 // the error. 14046 // 14047 // See the AWS API reference guide for AWS Organizations's 14048 // API operation UpdateOrganizationalUnit for usage and error information. 14049 // 14050 // Returned Error Types: 14051 // * AccessDeniedException 14052 // You don't have permissions to perform the requested operation. The user or 14053 // role that is making the request must have at least one IAM permissions policy 14054 // attached that grants the required permissions. For more information, see 14055 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 14056 // in the IAM User Guide. 14057 // 14058 // * AWSOrganizationsNotInUseException 14059 // Your account isn't a member of an organization. To make this request, you 14060 // must use the credentials of an account that belongs to an organization. 14061 // 14062 // * ConcurrentModificationException 14063 // The target of the operation is currently being modified by a different request. 14064 // Try again later. 14065 // 14066 // * DuplicateOrganizationalUnitException 14067 // An OU with the same name already exists. 14068 // 14069 // * InvalidInputException 14070 // The requested operation failed because you provided invalid values for one 14071 // or more of the request parameters. This exception includes a reason that 14072 // contains additional information about the violated limit: 14073 // 14074 // Some of the reasons in the following list might not be applicable to this 14075 // specific API or operation. 14076 // 14077 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 14078 // the same entity. 14079 // 14080 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 14081 // can't be modified. 14082 // 14083 // * INPUT_REQUIRED: You must include a value for all required parameters. 14084 // 14085 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 14086 // for the invited account owner. 14087 // 14088 // * INVALID_ENUM: You specified an invalid value. 14089 // 14090 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 14091 // 14092 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 14093 // characters. 14094 // 14095 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 14096 // at least one invalid value. 14097 // 14098 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 14099 // from the response to a previous call of the operation. 14100 // 14101 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 14102 // organization, or email) as a party. 14103 // 14104 // * INVALID_PATTERN: You provided a value that doesn't match the required 14105 // pattern. 14106 // 14107 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 14108 // match the required pattern. 14109 // 14110 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 14111 // name can't begin with the reserved prefix AWSServiceRoleFor. 14112 // 14113 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 14114 // Name (ARN) for the organization. 14115 // 14116 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 14117 // 14118 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 14119 // tag. You can’t add, edit, or delete system tag keys because they're 14120 // reserved for AWS use. System tags don’t count against your tags per 14121 // resource limit. 14122 // 14123 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 14124 // for the operation. 14125 // 14126 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 14127 // than allowed. 14128 // 14129 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 14130 // value than allowed. 14131 // 14132 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 14133 // than allowed. 14134 // 14135 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 14136 // value than allowed. 14137 // 14138 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 14139 // between entities in the same root. 14140 // 14141 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 14142 // target entity. 14143 // 14144 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 14145 // isn't recognized. 14146 // 14147 // * OrganizationalUnitNotFoundException 14148 // We can't find an OU with the OrganizationalUnitId that you specified. 14149 // 14150 // * ServiceException 14151 // AWS Organizations can't complete your request because of an internal service 14152 // error. Try again later. 14153 // 14154 // * TooManyRequestsException 14155 // You have sent too many requests in too short a period of time. The quota 14156 // helps protect against denial-of-service attacks. Try again later. 14157 // 14158 // For information about quotas that affect AWS Organizations, see Quotas for 14159 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 14160 // the AWS Organizations User Guide. 14161 // 14162 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit 14163 func (c *Organizations) UpdateOrganizationalUnit(input *UpdateOrganizationalUnitInput) (*UpdateOrganizationalUnitOutput, error) { 14164 req, out := c.UpdateOrganizationalUnitRequest(input) 14165 return out, req.Send() 14166 } 14167 14168 // UpdateOrganizationalUnitWithContext is the same as UpdateOrganizationalUnit with the addition of 14169 // the ability to pass a context and additional request options. 14170 // 14171 // See UpdateOrganizationalUnit for details on how to use this API operation. 14172 // 14173 // The context must be non-nil and will be used for request cancellation. If 14174 // the context is nil a panic will occur. In the future the SDK may create 14175 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 14176 // for more information on using Contexts. 14177 func (c *Organizations) UpdateOrganizationalUnitWithContext(ctx aws.Context, input *UpdateOrganizationalUnitInput, opts ...request.Option) (*UpdateOrganizationalUnitOutput, error) { 14178 req, out := c.UpdateOrganizationalUnitRequest(input) 14179 req.SetContext(ctx) 14180 req.ApplyOptions(opts...) 14181 return out, req.Send() 14182 } 14183 14184 const opUpdatePolicy = "UpdatePolicy" 14185 14186 // UpdatePolicyRequest generates a "aws/request.Request" representing the 14187 // client's request for the UpdatePolicy operation. The "output" return 14188 // value will be populated with the request's response once the request completes 14189 // successfully. 14190 // 14191 // Use "Send" method on the returned Request to send the API call to the service. 14192 // the "output" return value is not valid until after Send returns without error. 14193 // 14194 // See UpdatePolicy for more information on using the UpdatePolicy 14195 // API call, and error handling. 14196 // 14197 // This method is useful when you want to inject custom logic or configuration 14198 // into the SDK's request lifecycle. Such as custom headers, or retry logic. 14199 // 14200 // 14201 // // Example sending a request using the UpdatePolicyRequest method. 14202 // req, resp := client.UpdatePolicyRequest(params) 14203 // 14204 // err := req.Send() 14205 // if err == nil { // resp is now filled 14206 // fmt.Println(resp) 14207 // } 14208 // 14209 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy 14210 func (c *Organizations) UpdatePolicyRequest(input *UpdatePolicyInput) (req *request.Request, output *UpdatePolicyOutput) { 14211 op := &request.Operation{ 14212 Name: opUpdatePolicy, 14213 HTTPMethod: "POST", 14214 HTTPPath: "/", 14215 } 14216 14217 if input == nil { 14218 input = &UpdatePolicyInput{} 14219 } 14220 14221 output = &UpdatePolicyOutput{} 14222 req = c.newRequest(op, input, output) 14223 return 14224 } 14225 14226 // UpdatePolicy API operation for AWS Organizations. 14227 // 14228 // Updates an existing policy with a new name, description, or content. If you 14229 // don't supply any parameter, that value remains unchanged. You can't change 14230 // a policy's type. 14231 // 14232 // This operation can be called only from the organization's management account. 14233 // 14234 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions 14235 // with awserr.Error's Code and Message methods to get detailed information about 14236 // the error. 14237 // 14238 // See the AWS API reference guide for AWS Organizations's 14239 // API operation UpdatePolicy for usage and error information. 14240 // 14241 // Returned Error Types: 14242 // * AccessDeniedException 14243 // You don't have permissions to perform the requested operation. The user or 14244 // role that is making the request must have at least one IAM permissions policy 14245 // attached that grants the required permissions. For more information, see 14246 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 14247 // in the IAM User Guide. 14248 // 14249 // * AWSOrganizationsNotInUseException 14250 // Your account isn't a member of an organization. To make this request, you 14251 // must use the credentials of an account that belongs to an organization. 14252 // 14253 // * ConcurrentModificationException 14254 // The target of the operation is currently being modified by a different request. 14255 // Try again later. 14256 // 14257 // * ConstraintViolationException 14258 // Performing this operation violates a minimum or maximum value limit. For 14259 // example, attempting to remove the last service control policy (SCP) from 14260 // an OU or root, inviting or creating too many accounts to the organization, 14261 // or attaching too many policies to an account, OU, or root. This exception 14262 // includes a reason that contains additional information about the violated 14263 // limit: 14264 // 14265 // Some of the reasons in the following list might not be applicable to this 14266 // specific API or operation. 14267 // 14268 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 14269 // account from the organization. You can't remove the management account. 14270 // Instead, after you remove all member accounts, delete the organization 14271 // itself. 14272 // 14273 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 14274 // from the organization that doesn't yet have enough information to exist 14275 // as a standalone account. This account requires you to first agree to the 14276 // AWS Customer Agreement. Follow the steps at Removing a member account 14277 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 14278 // the AWS Organizations User Guide. 14279 // 14280 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 14281 // an account from the organization that doesn't yet have enough information 14282 // to exist as a standalone account. This account requires you to first complete 14283 // phone verification. Follow the steps at Removing a member account from 14284 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 14285 // in the AWS Organizations User Guide. 14286 // 14287 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 14288 // of accounts that you can create in one day. 14289 // 14290 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 14291 // the number of accounts in an organization. If you need more accounts, 14292 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 14293 // request an increase in your limit. Or the number of invitations that you 14294 // tried to send would cause you to exceed the limit of accounts in your 14295 // organization. Send fewer invitations or contact AWS Support to request 14296 // an increase in the number of accounts. Deleted and closed accounts still 14297 // count toward your limit. If you get this exception when running a command 14298 // immediately after creating the organization, wait one hour and try again. 14299 // After an hour, if the command continues to fail with this error, contact 14300 // AWS Support (https://console.aws.amazon.com/support/home#/). 14301 // 14302 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 14303 // register the management account of the organization as a delegated administrator 14304 // for an AWS service integrated with Organizations. You can designate only 14305 // a member account as a delegated administrator. 14306 // 14307 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 14308 // an account that is registered as a delegated administrator for a service 14309 // integrated with your organization. To complete this operation, you must 14310 // first deregister this account as a delegated administrator. 14311 // 14312 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 14313 // organization in the specified region, you must enable all features mode. 14314 // 14315 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 14316 // an AWS account as a delegated administrator for an AWS service that already 14317 // has a delegated administrator. To complete this operation, you must first 14318 // deregister any existing delegated administrators for this service. 14319 // 14320 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 14321 // valid for a limited period of time. You must resubmit the request and 14322 // generate a new verfication code. 14323 // 14324 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 14325 // handshakes that you can send in one day. 14326 // 14327 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 14328 // in this organization, you first must migrate the organization's management 14329 // account to the marketplace that corresponds to the management account's 14330 // address. For example, accounts with India addresses must be associated 14331 // with the AISPL marketplace. All accounts in an organization must be associated 14332 // with the same marketplace. 14333 // 14334 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 14335 // in China. To create an organization, the master must have a valid business 14336 // license. For more information, contact customer support. 14337 // 14338 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 14339 // must first provide a valid contact address and phone number for the management 14340 // account. Then try the operation again. 14341 // 14342 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 14343 // management account must have an associated account in the AWS GovCloud 14344 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 14345 // in the AWS GovCloud User Guide. 14346 // 14347 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 14348 // with this management account, you first must associate a valid payment 14349 // instrument, such as a credit card, with the account. Follow the steps 14350 // at To leave an organization when all required account information has 14351 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 14352 // in the AWS Organizations User Guide. 14353 // 14354 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 14355 // to register more delegated administrators than allowed for the service 14356 // principal. 14357 // 14358 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 14359 // number of policies of a certain type that can be attached to an entity 14360 // at one time. 14361 // 14362 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 14363 // on this resource. 14364 // 14365 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 14366 // with this member account, you first must associate a valid payment instrument, 14367 // such as a credit card, with the account. Follow the steps at To leave 14368 // an organization when all required account information has not yet been 14369 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 14370 // in the AWS Organizations User Guide. 14371 // 14372 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 14373 // policy from an entity that would cause the entity to have fewer than the 14374 // minimum number of policies of a certain type required. 14375 // 14376 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 14377 // that requires the organization to be configured to support all features. 14378 // An organization that supports only consolidated billing features can't 14379 // perform this operation. 14380 // 14381 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 14382 // too many levels deep. 14383 // 14384 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 14385 // that you can have in an organization. 14386 // 14387 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 14388 // is larger than the maximum size. 14389 // 14390 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 14391 // policies that you can have in an organization. 14392 // 14393 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 14394 // tags that are not compliant with the tag policy requirements for this 14395 // account. 14396 // 14397 // * DuplicatePolicyException 14398 // A policy with the same name already exists. 14399 // 14400 // * InvalidInputException 14401 // The requested operation failed because you provided invalid values for one 14402 // or more of the request parameters. This exception includes a reason that 14403 // contains additional information about the violated limit: 14404 // 14405 // Some of the reasons in the following list might not be applicable to this 14406 // specific API or operation. 14407 // 14408 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 14409 // the same entity. 14410 // 14411 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 14412 // can't be modified. 14413 // 14414 // * INPUT_REQUIRED: You must include a value for all required parameters. 14415 // 14416 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 14417 // for the invited account owner. 14418 // 14419 // * INVALID_ENUM: You specified an invalid value. 14420 // 14421 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 14422 // 14423 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 14424 // characters. 14425 // 14426 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 14427 // at least one invalid value. 14428 // 14429 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 14430 // from the response to a previous call of the operation. 14431 // 14432 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 14433 // organization, or email) as a party. 14434 // 14435 // * INVALID_PATTERN: You provided a value that doesn't match the required 14436 // pattern. 14437 // 14438 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 14439 // match the required pattern. 14440 // 14441 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 14442 // name can't begin with the reserved prefix AWSServiceRoleFor. 14443 // 14444 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 14445 // Name (ARN) for the organization. 14446 // 14447 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 14448 // 14449 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 14450 // tag. You can’t add, edit, or delete system tag keys because they're 14451 // reserved for AWS use. System tags don’t count against your tags per 14452 // resource limit. 14453 // 14454 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 14455 // for the operation. 14456 // 14457 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 14458 // than allowed. 14459 // 14460 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 14461 // value than allowed. 14462 // 14463 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 14464 // than allowed. 14465 // 14466 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 14467 // value than allowed. 14468 // 14469 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 14470 // between entities in the same root. 14471 // 14472 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 14473 // target entity. 14474 // 14475 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 14476 // isn't recognized. 14477 // 14478 // * MalformedPolicyDocumentException 14479 // The provided policy document doesn't meet the requirements of the specified 14480 // policy type. For example, the syntax might be incorrect. For details about 14481 // service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) 14482 // in the AWS Organizations User Guide. 14483 // 14484 // * PolicyNotFoundException 14485 // We can't find a policy with the PolicyId that you specified. 14486 // 14487 // * ServiceException 14488 // AWS Organizations can't complete your request because of an internal service 14489 // error. Try again later. 14490 // 14491 // * TooManyRequestsException 14492 // You have sent too many requests in too short a period of time. The quota 14493 // helps protect against denial-of-service attacks. Try again later. 14494 // 14495 // For information about quotas that affect AWS Organizations, see Quotas for 14496 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 14497 // the AWS Organizations User Guide. 14498 // 14499 // * UnsupportedAPIEndpointException 14500 // This action isn't available in the current AWS Region. 14501 // 14502 // * PolicyChangesInProgressException 14503 // Changes to the effective policy are in progress, and its contents can't be 14504 // returned. Try the operation again later. 14505 // 14506 // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy 14507 func (c *Organizations) UpdatePolicy(input *UpdatePolicyInput) (*UpdatePolicyOutput, error) { 14508 req, out := c.UpdatePolicyRequest(input) 14509 return out, req.Send() 14510 } 14511 14512 // UpdatePolicyWithContext is the same as UpdatePolicy with the addition of 14513 // the ability to pass a context and additional request options. 14514 // 14515 // See UpdatePolicy for details on how to use this API operation. 14516 // 14517 // The context must be non-nil and will be used for request cancellation. If 14518 // the context is nil a panic will occur. In the future the SDK may create 14519 // sub-contexts for http.Requests. See https://golang.org/pkg/context/ 14520 // for more information on using Contexts. 14521 func (c *Organizations) UpdatePolicyWithContext(ctx aws.Context, input *UpdatePolicyInput, opts ...request.Option) (*UpdatePolicyOutput, error) { 14522 req, out := c.UpdatePolicyRequest(input) 14523 req.SetContext(ctx) 14524 req.ApplyOptions(opts...) 14525 return out, req.Send() 14526 } 14527 14528 // Your account isn't a member of an organization. To make this request, you 14529 // must use the credentials of an account that belongs to an organization. 14530 type AWSOrganizationsNotInUseException struct { 14531 _ struct{} `type:"structure"` 14532 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 14533 14534 Message_ *string `locationName:"Message" type:"string"` 14535 } 14536 14537 // String returns the string representation. 14538 // 14539 // API parameter values that are decorated as "sensitive" in the API will not 14540 // be included in the string output. The member name will be present, but the 14541 // value will be replaced with "sensitive". 14542 func (s AWSOrganizationsNotInUseException) String() string { 14543 return awsutil.Prettify(s) 14544 } 14545 14546 // GoString returns the string representation. 14547 // 14548 // API parameter values that are decorated as "sensitive" in the API will not 14549 // be included in the string output. The member name will be present, but the 14550 // value will be replaced with "sensitive". 14551 func (s AWSOrganizationsNotInUseException) GoString() string { 14552 return s.String() 14553 } 14554 14555 func newErrorAWSOrganizationsNotInUseException(v protocol.ResponseMetadata) error { 14556 return &AWSOrganizationsNotInUseException{ 14557 RespMetadata: v, 14558 } 14559 } 14560 14561 // Code returns the exception type name. 14562 func (s *AWSOrganizationsNotInUseException) Code() string { 14563 return "AWSOrganizationsNotInUseException" 14564 } 14565 14566 // Message returns the exception's message. 14567 func (s *AWSOrganizationsNotInUseException) Message() string { 14568 if s.Message_ != nil { 14569 return *s.Message_ 14570 } 14571 return "" 14572 } 14573 14574 // OrigErr always returns nil, satisfies awserr.Error interface. 14575 func (s *AWSOrganizationsNotInUseException) OrigErr() error { 14576 return nil 14577 } 14578 14579 func (s *AWSOrganizationsNotInUseException) Error() string { 14580 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 14581 } 14582 14583 // Status code returns the HTTP status code for the request's response error. 14584 func (s *AWSOrganizationsNotInUseException) StatusCode() int { 14585 return s.RespMetadata.StatusCode 14586 } 14587 14588 // RequestID returns the service's response RequestID for request. 14589 func (s *AWSOrganizationsNotInUseException) RequestID() string { 14590 return s.RespMetadata.RequestID 14591 } 14592 14593 type AcceptHandshakeInput struct { 14594 _ struct{} `type:"structure"` 14595 14596 // The unique identifier (ID) of the handshake that you want to accept. 14597 // 14598 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 14599 // requires "h-" followed by from 8 to 32 lowercase letters or digits. 14600 // 14601 // HandshakeId is a required field 14602 HandshakeId *string `type:"string" required:"true"` 14603 } 14604 14605 // String returns the string representation. 14606 // 14607 // API parameter values that are decorated as "sensitive" in the API will not 14608 // be included in the string output. The member name will be present, but the 14609 // value will be replaced with "sensitive". 14610 func (s AcceptHandshakeInput) String() string { 14611 return awsutil.Prettify(s) 14612 } 14613 14614 // GoString returns the string representation. 14615 // 14616 // API parameter values that are decorated as "sensitive" in the API will not 14617 // be included in the string output. The member name will be present, but the 14618 // value will be replaced with "sensitive". 14619 func (s AcceptHandshakeInput) GoString() string { 14620 return s.String() 14621 } 14622 14623 // Validate inspects the fields of the type to determine if they are valid. 14624 func (s *AcceptHandshakeInput) Validate() error { 14625 invalidParams := request.ErrInvalidParams{Context: "AcceptHandshakeInput"} 14626 if s.HandshakeId == nil { 14627 invalidParams.Add(request.NewErrParamRequired("HandshakeId")) 14628 } 14629 14630 if invalidParams.Len() > 0 { 14631 return invalidParams 14632 } 14633 return nil 14634 } 14635 14636 // SetHandshakeId sets the HandshakeId field's value. 14637 func (s *AcceptHandshakeInput) SetHandshakeId(v string) *AcceptHandshakeInput { 14638 s.HandshakeId = &v 14639 return s 14640 } 14641 14642 type AcceptHandshakeOutput struct { 14643 _ struct{} `type:"structure"` 14644 14645 // A structure that contains details about the accepted handshake. 14646 Handshake *Handshake `type:"structure"` 14647 } 14648 14649 // String returns the string representation. 14650 // 14651 // API parameter values that are decorated as "sensitive" in the API will not 14652 // be included in the string output. The member name will be present, but the 14653 // value will be replaced with "sensitive". 14654 func (s AcceptHandshakeOutput) String() string { 14655 return awsutil.Prettify(s) 14656 } 14657 14658 // GoString returns the string representation. 14659 // 14660 // API parameter values that are decorated as "sensitive" in the API will not 14661 // be included in the string output. The member name will be present, but the 14662 // value will be replaced with "sensitive". 14663 func (s AcceptHandshakeOutput) GoString() string { 14664 return s.String() 14665 } 14666 14667 // SetHandshake sets the Handshake field's value. 14668 func (s *AcceptHandshakeOutput) SetHandshake(v *Handshake) *AcceptHandshakeOutput { 14669 s.Handshake = v 14670 return s 14671 } 14672 14673 // You don't have permissions to perform the requested operation. The user or 14674 // role that is making the request must have at least one IAM permissions policy 14675 // attached that grants the required permissions. For more information, see 14676 // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) 14677 // in the IAM User Guide. 14678 type AccessDeniedException struct { 14679 _ struct{} `type:"structure"` 14680 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 14681 14682 Message_ *string `locationName:"Message" type:"string"` 14683 } 14684 14685 // String returns the string representation. 14686 // 14687 // API parameter values that are decorated as "sensitive" in the API will not 14688 // be included in the string output. The member name will be present, but the 14689 // value will be replaced with "sensitive". 14690 func (s AccessDeniedException) String() string { 14691 return awsutil.Prettify(s) 14692 } 14693 14694 // GoString returns the string representation. 14695 // 14696 // API parameter values that are decorated as "sensitive" in the API will not 14697 // be included in the string output. The member name will be present, but the 14698 // value will be replaced with "sensitive". 14699 func (s AccessDeniedException) GoString() string { 14700 return s.String() 14701 } 14702 14703 func newErrorAccessDeniedException(v protocol.ResponseMetadata) error { 14704 return &AccessDeniedException{ 14705 RespMetadata: v, 14706 } 14707 } 14708 14709 // Code returns the exception type name. 14710 func (s *AccessDeniedException) Code() string { 14711 return "AccessDeniedException" 14712 } 14713 14714 // Message returns the exception's message. 14715 func (s *AccessDeniedException) Message() string { 14716 if s.Message_ != nil { 14717 return *s.Message_ 14718 } 14719 return "" 14720 } 14721 14722 // OrigErr always returns nil, satisfies awserr.Error interface. 14723 func (s *AccessDeniedException) OrigErr() error { 14724 return nil 14725 } 14726 14727 func (s *AccessDeniedException) Error() string { 14728 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 14729 } 14730 14731 // Status code returns the HTTP status code for the request's response error. 14732 func (s *AccessDeniedException) StatusCode() int { 14733 return s.RespMetadata.StatusCode 14734 } 14735 14736 // RequestID returns the service's response RequestID for request. 14737 func (s *AccessDeniedException) RequestID() string { 14738 return s.RespMetadata.RequestID 14739 } 14740 14741 // The operation that you attempted requires you to have the iam:CreateServiceLinkedRole 14742 // for organizations.amazonaws.com permission so that AWS Organizations can 14743 // create the required service-linked role. You don't have that permission. 14744 type AccessDeniedForDependencyException struct { 14745 _ struct{} `type:"structure"` 14746 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 14747 14748 Message_ *string `locationName:"Message" type:"string"` 14749 14750 Reason *string `type:"string" enum:"AccessDeniedForDependencyExceptionReason"` 14751 } 14752 14753 // String returns the string representation. 14754 // 14755 // API parameter values that are decorated as "sensitive" in the API will not 14756 // be included in the string output. The member name will be present, but the 14757 // value will be replaced with "sensitive". 14758 func (s AccessDeniedForDependencyException) String() string { 14759 return awsutil.Prettify(s) 14760 } 14761 14762 // GoString returns the string representation. 14763 // 14764 // API parameter values that are decorated as "sensitive" in the API will not 14765 // be included in the string output. The member name will be present, but the 14766 // value will be replaced with "sensitive". 14767 func (s AccessDeniedForDependencyException) GoString() string { 14768 return s.String() 14769 } 14770 14771 func newErrorAccessDeniedForDependencyException(v protocol.ResponseMetadata) error { 14772 return &AccessDeniedForDependencyException{ 14773 RespMetadata: v, 14774 } 14775 } 14776 14777 // Code returns the exception type name. 14778 func (s *AccessDeniedForDependencyException) Code() string { 14779 return "AccessDeniedForDependencyException" 14780 } 14781 14782 // Message returns the exception's message. 14783 func (s *AccessDeniedForDependencyException) Message() string { 14784 if s.Message_ != nil { 14785 return *s.Message_ 14786 } 14787 return "" 14788 } 14789 14790 // OrigErr always returns nil, satisfies awserr.Error interface. 14791 func (s *AccessDeniedForDependencyException) OrigErr() error { 14792 return nil 14793 } 14794 14795 func (s *AccessDeniedForDependencyException) Error() string { 14796 return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) 14797 } 14798 14799 // Status code returns the HTTP status code for the request's response error. 14800 func (s *AccessDeniedForDependencyException) StatusCode() int { 14801 return s.RespMetadata.StatusCode 14802 } 14803 14804 // RequestID returns the service's response RequestID for request. 14805 func (s *AccessDeniedForDependencyException) RequestID() string { 14806 return s.RespMetadata.RequestID 14807 } 14808 14809 // Contains information about an AWS account that is a member of an organization. 14810 type Account struct { 14811 _ struct{} `type:"structure"` 14812 14813 // The Amazon Resource Name (ARN) of the account. 14814 // 14815 // For more information about ARNs in Organizations, see ARN Formats Supported 14816 // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) 14817 // in the AWS Service Authorization Reference. 14818 Arn *string `type:"string"` 14819 14820 // The email address associated with the AWS account. 14821 // 14822 // The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is 14823 // a string of characters that represents a standard internet email address. 14824 // 14825 // Email is a sensitive parameter and its value will be 14826 // replaced with "sensitive" in string returned by Account's 14827 // String and GoString methods. 14828 Email *string `min:"6" type:"string" sensitive:"true"` 14829 14830 // The unique identifier (ID) of the account. 14831 // 14832 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 14833 // requires exactly 12 digits. 14834 Id *string `type:"string"` 14835 14836 // The method by which the account joined the organization. 14837 JoinedMethod *string `type:"string" enum:"AccountJoinedMethod"` 14838 14839 // The date the account became a part of the organization. 14840 JoinedTimestamp *time.Time `type:"timestamp"` 14841 14842 // The friendly name of the account. 14843 // 14844 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 14845 // this parameter is a string of any of the characters in the ASCII character 14846 // range. 14847 // 14848 // Name is a sensitive parameter and its value will be 14849 // replaced with "sensitive" in string returned by Account's 14850 // String and GoString methods. 14851 Name *string `min:"1" type:"string" sensitive:"true"` 14852 14853 // The status of the account in the organization. 14854 Status *string `type:"string" enum:"AccountStatus"` 14855 } 14856 14857 // String returns the string representation. 14858 // 14859 // API parameter values that are decorated as "sensitive" in the API will not 14860 // be included in the string output. The member name will be present, but the 14861 // value will be replaced with "sensitive". 14862 func (s Account) String() string { 14863 return awsutil.Prettify(s) 14864 } 14865 14866 // GoString returns the string representation. 14867 // 14868 // API parameter values that are decorated as "sensitive" in the API will not 14869 // be included in the string output. The member name will be present, but the 14870 // value will be replaced with "sensitive". 14871 func (s Account) GoString() string { 14872 return s.String() 14873 } 14874 14875 // SetArn sets the Arn field's value. 14876 func (s *Account) SetArn(v string) *Account { 14877 s.Arn = &v 14878 return s 14879 } 14880 14881 // SetEmail sets the Email field's value. 14882 func (s *Account) SetEmail(v string) *Account { 14883 s.Email = &v 14884 return s 14885 } 14886 14887 // SetId sets the Id field's value. 14888 func (s *Account) SetId(v string) *Account { 14889 s.Id = &v 14890 return s 14891 } 14892 14893 // SetJoinedMethod sets the JoinedMethod field's value. 14894 func (s *Account) SetJoinedMethod(v string) *Account { 14895 s.JoinedMethod = &v 14896 return s 14897 } 14898 14899 // SetJoinedTimestamp sets the JoinedTimestamp field's value. 14900 func (s *Account) SetJoinedTimestamp(v time.Time) *Account { 14901 s.JoinedTimestamp = &v 14902 return s 14903 } 14904 14905 // SetName sets the Name field's value. 14906 func (s *Account) SetName(v string) *Account { 14907 s.Name = &v 14908 return s 14909 } 14910 14911 // SetStatus sets the Status field's value. 14912 func (s *Account) SetStatus(v string) *Account { 14913 s.Status = &v 14914 return s 14915 } 14916 14917 // The specified account is already a delegated administrator for this AWS service. 14918 type AccountAlreadyRegisteredException struct { 14919 _ struct{} `type:"structure"` 14920 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 14921 14922 Message_ *string `locationName:"Message" type:"string"` 14923 } 14924 14925 // String returns the string representation. 14926 // 14927 // API parameter values that are decorated as "sensitive" in the API will not 14928 // be included in the string output. The member name will be present, but the 14929 // value will be replaced with "sensitive". 14930 func (s AccountAlreadyRegisteredException) String() string { 14931 return awsutil.Prettify(s) 14932 } 14933 14934 // GoString returns the string representation. 14935 // 14936 // API parameter values that are decorated as "sensitive" in the API will not 14937 // be included in the string output. The member name will be present, but the 14938 // value will be replaced with "sensitive". 14939 func (s AccountAlreadyRegisteredException) GoString() string { 14940 return s.String() 14941 } 14942 14943 func newErrorAccountAlreadyRegisteredException(v protocol.ResponseMetadata) error { 14944 return &AccountAlreadyRegisteredException{ 14945 RespMetadata: v, 14946 } 14947 } 14948 14949 // Code returns the exception type name. 14950 func (s *AccountAlreadyRegisteredException) Code() string { 14951 return "AccountAlreadyRegisteredException" 14952 } 14953 14954 // Message returns the exception's message. 14955 func (s *AccountAlreadyRegisteredException) Message() string { 14956 if s.Message_ != nil { 14957 return *s.Message_ 14958 } 14959 return "" 14960 } 14961 14962 // OrigErr always returns nil, satisfies awserr.Error interface. 14963 func (s *AccountAlreadyRegisteredException) OrigErr() error { 14964 return nil 14965 } 14966 14967 func (s *AccountAlreadyRegisteredException) Error() string { 14968 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 14969 } 14970 14971 // Status code returns the HTTP status code for the request's response error. 14972 func (s *AccountAlreadyRegisteredException) StatusCode() int { 14973 return s.RespMetadata.StatusCode 14974 } 14975 14976 // RequestID returns the service's response RequestID for request. 14977 func (s *AccountAlreadyRegisteredException) RequestID() string { 14978 return s.RespMetadata.RequestID 14979 } 14980 14981 // We can't find an AWS account with the AccountId that you specified, or the 14982 // account whose credentials you used to make this request isn't a member of 14983 // an organization. 14984 type AccountNotFoundException struct { 14985 _ struct{} `type:"structure"` 14986 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 14987 14988 Message_ *string `locationName:"Message" type:"string"` 14989 } 14990 14991 // String returns the string representation. 14992 // 14993 // API parameter values that are decorated as "sensitive" in the API will not 14994 // be included in the string output. The member name will be present, but the 14995 // value will be replaced with "sensitive". 14996 func (s AccountNotFoundException) String() string { 14997 return awsutil.Prettify(s) 14998 } 14999 15000 // GoString returns the string representation. 15001 // 15002 // API parameter values that are decorated as "sensitive" in the API will not 15003 // be included in the string output. The member name will be present, but the 15004 // value will be replaced with "sensitive". 15005 func (s AccountNotFoundException) GoString() string { 15006 return s.String() 15007 } 15008 15009 func newErrorAccountNotFoundException(v protocol.ResponseMetadata) error { 15010 return &AccountNotFoundException{ 15011 RespMetadata: v, 15012 } 15013 } 15014 15015 // Code returns the exception type name. 15016 func (s *AccountNotFoundException) Code() string { 15017 return "AccountNotFoundException" 15018 } 15019 15020 // Message returns the exception's message. 15021 func (s *AccountNotFoundException) Message() string { 15022 if s.Message_ != nil { 15023 return *s.Message_ 15024 } 15025 return "" 15026 } 15027 15028 // OrigErr always returns nil, satisfies awserr.Error interface. 15029 func (s *AccountNotFoundException) OrigErr() error { 15030 return nil 15031 } 15032 15033 func (s *AccountNotFoundException) Error() string { 15034 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 15035 } 15036 15037 // Status code returns the HTTP status code for the request's response error. 15038 func (s *AccountNotFoundException) StatusCode() int { 15039 return s.RespMetadata.StatusCode 15040 } 15041 15042 // RequestID returns the service's response RequestID for request. 15043 func (s *AccountNotFoundException) RequestID() string { 15044 return s.RespMetadata.RequestID 15045 } 15046 15047 // The specified account is not a delegated administrator for this AWS service. 15048 type AccountNotRegisteredException struct { 15049 _ struct{} `type:"structure"` 15050 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 15051 15052 Message_ *string `locationName:"Message" type:"string"` 15053 } 15054 15055 // String returns the string representation. 15056 // 15057 // API parameter values that are decorated as "sensitive" in the API will not 15058 // be included in the string output. The member name will be present, but the 15059 // value will be replaced with "sensitive". 15060 func (s AccountNotRegisteredException) String() string { 15061 return awsutil.Prettify(s) 15062 } 15063 15064 // GoString returns the string representation. 15065 // 15066 // API parameter values that are decorated as "sensitive" in the API will not 15067 // be included in the string output. The member name will be present, but the 15068 // value will be replaced with "sensitive". 15069 func (s AccountNotRegisteredException) GoString() string { 15070 return s.String() 15071 } 15072 15073 func newErrorAccountNotRegisteredException(v protocol.ResponseMetadata) error { 15074 return &AccountNotRegisteredException{ 15075 RespMetadata: v, 15076 } 15077 } 15078 15079 // Code returns the exception type name. 15080 func (s *AccountNotRegisteredException) Code() string { 15081 return "AccountNotRegisteredException" 15082 } 15083 15084 // Message returns the exception's message. 15085 func (s *AccountNotRegisteredException) Message() string { 15086 if s.Message_ != nil { 15087 return *s.Message_ 15088 } 15089 return "" 15090 } 15091 15092 // OrigErr always returns nil, satisfies awserr.Error interface. 15093 func (s *AccountNotRegisteredException) OrigErr() error { 15094 return nil 15095 } 15096 15097 func (s *AccountNotRegisteredException) Error() string { 15098 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 15099 } 15100 15101 // Status code returns the HTTP status code for the request's response error. 15102 func (s *AccountNotRegisteredException) StatusCode() int { 15103 return s.RespMetadata.StatusCode 15104 } 15105 15106 // RequestID returns the service's response RequestID for request. 15107 func (s *AccountNotRegisteredException) RequestID() string { 15108 return s.RespMetadata.RequestID 15109 } 15110 15111 // You can't invite an existing account to your organization until you verify 15112 // that you own the email address associated with the management account. For 15113 // more information, see Email Address Verification (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_create.html#about-email-verification) 15114 // in the AWS Organizations User Guide. 15115 type AccountOwnerNotVerifiedException struct { 15116 _ struct{} `type:"structure"` 15117 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 15118 15119 Message_ *string `locationName:"Message" type:"string"` 15120 } 15121 15122 // String returns the string representation. 15123 // 15124 // API parameter values that are decorated as "sensitive" in the API will not 15125 // be included in the string output. The member name will be present, but the 15126 // value will be replaced with "sensitive". 15127 func (s AccountOwnerNotVerifiedException) String() string { 15128 return awsutil.Prettify(s) 15129 } 15130 15131 // GoString returns the string representation. 15132 // 15133 // API parameter values that are decorated as "sensitive" in the API will not 15134 // be included in the string output. The member name will be present, but the 15135 // value will be replaced with "sensitive". 15136 func (s AccountOwnerNotVerifiedException) GoString() string { 15137 return s.String() 15138 } 15139 15140 func newErrorAccountOwnerNotVerifiedException(v protocol.ResponseMetadata) error { 15141 return &AccountOwnerNotVerifiedException{ 15142 RespMetadata: v, 15143 } 15144 } 15145 15146 // Code returns the exception type name. 15147 func (s *AccountOwnerNotVerifiedException) Code() string { 15148 return "AccountOwnerNotVerifiedException" 15149 } 15150 15151 // Message returns the exception's message. 15152 func (s *AccountOwnerNotVerifiedException) Message() string { 15153 if s.Message_ != nil { 15154 return *s.Message_ 15155 } 15156 return "" 15157 } 15158 15159 // OrigErr always returns nil, satisfies awserr.Error interface. 15160 func (s *AccountOwnerNotVerifiedException) OrigErr() error { 15161 return nil 15162 } 15163 15164 func (s *AccountOwnerNotVerifiedException) Error() string { 15165 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 15166 } 15167 15168 // Status code returns the HTTP status code for the request's response error. 15169 func (s *AccountOwnerNotVerifiedException) StatusCode() int { 15170 return s.RespMetadata.StatusCode 15171 } 15172 15173 // RequestID returns the service's response RequestID for request. 15174 func (s *AccountOwnerNotVerifiedException) RequestID() string { 15175 return s.RespMetadata.RequestID 15176 } 15177 15178 // This account is already a member of an organization. An account can belong 15179 // to only one organization at a time. 15180 type AlreadyInOrganizationException struct { 15181 _ struct{} `type:"structure"` 15182 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 15183 15184 Message_ *string `locationName:"Message" type:"string"` 15185 } 15186 15187 // String returns the string representation. 15188 // 15189 // API parameter values that are decorated as "sensitive" in the API will not 15190 // be included in the string output. The member name will be present, but the 15191 // value will be replaced with "sensitive". 15192 func (s AlreadyInOrganizationException) String() string { 15193 return awsutil.Prettify(s) 15194 } 15195 15196 // GoString returns the string representation. 15197 // 15198 // API parameter values that are decorated as "sensitive" in the API will not 15199 // be included in the string output. The member name will be present, but the 15200 // value will be replaced with "sensitive". 15201 func (s AlreadyInOrganizationException) GoString() string { 15202 return s.String() 15203 } 15204 15205 func newErrorAlreadyInOrganizationException(v protocol.ResponseMetadata) error { 15206 return &AlreadyInOrganizationException{ 15207 RespMetadata: v, 15208 } 15209 } 15210 15211 // Code returns the exception type name. 15212 func (s *AlreadyInOrganizationException) Code() string { 15213 return "AlreadyInOrganizationException" 15214 } 15215 15216 // Message returns the exception's message. 15217 func (s *AlreadyInOrganizationException) Message() string { 15218 if s.Message_ != nil { 15219 return *s.Message_ 15220 } 15221 return "" 15222 } 15223 15224 // OrigErr always returns nil, satisfies awserr.Error interface. 15225 func (s *AlreadyInOrganizationException) OrigErr() error { 15226 return nil 15227 } 15228 15229 func (s *AlreadyInOrganizationException) Error() string { 15230 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 15231 } 15232 15233 // Status code returns the HTTP status code for the request's response error. 15234 func (s *AlreadyInOrganizationException) StatusCode() int { 15235 return s.RespMetadata.StatusCode 15236 } 15237 15238 // RequestID returns the service's response RequestID for request. 15239 func (s *AlreadyInOrganizationException) RequestID() string { 15240 return s.RespMetadata.RequestID 15241 } 15242 15243 type AttachPolicyInput struct { 15244 _ struct{} `type:"structure"` 15245 15246 // The unique identifier (ID) of the policy that you want to attach to the target. 15247 // You can get the ID for the policy by calling the ListPolicies operation. 15248 // 15249 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 15250 // requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, 15251 // or the underscore character (_). 15252 // 15253 // PolicyId is a required field 15254 PolicyId *string `type:"string" required:"true"` 15255 15256 // The unique identifier (ID) of the root, OU, or account that you want to attach 15257 // the policy to. You can get the ID by calling the ListRoots, ListOrganizationalUnitsForParent, 15258 // or ListAccounts operations. 15259 // 15260 // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string 15261 // requires one of the following: 15262 // 15263 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 15264 // letters or digits. 15265 // 15266 // * Account - A string that consists of exactly 12 digits. 15267 // 15268 // * Organizational unit (OU) - A string that begins with "ou-" followed 15269 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 15270 // OU is in). This string is followed by a second "-" dash and from 8 to 15271 // 32 additional lowercase letters or digits. 15272 // 15273 // TargetId is a required field 15274 TargetId *string `type:"string" required:"true"` 15275 } 15276 15277 // String returns the string representation. 15278 // 15279 // API parameter values that are decorated as "sensitive" in the API will not 15280 // be included in the string output. The member name will be present, but the 15281 // value will be replaced with "sensitive". 15282 func (s AttachPolicyInput) String() string { 15283 return awsutil.Prettify(s) 15284 } 15285 15286 // GoString returns the string representation. 15287 // 15288 // API parameter values that are decorated as "sensitive" in the API will not 15289 // be included in the string output. The member name will be present, but the 15290 // value will be replaced with "sensitive". 15291 func (s AttachPolicyInput) GoString() string { 15292 return s.String() 15293 } 15294 15295 // Validate inspects the fields of the type to determine if they are valid. 15296 func (s *AttachPolicyInput) Validate() error { 15297 invalidParams := request.ErrInvalidParams{Context: "AttachPolicyInput"} 15298 if s.PolicyId == nil { 15299 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 15300 } 15301 if s.TargetId == nil { 15302 invalidParams.Add(request.NewErrParamRequired("TargetId")) 15303 } 15304 15305 if invalidParams.Len() > 0 { 15306 return invalidParams 15307 } 15308 return nil 15309 } 15310 15311 // SetPolicyId sets the PolicyId field's value. 15312 func (s *AttachPolicyInput) SetPolicyId(v string) *AttachPolicyInput { 15313 s.PolicyId = &v 15314 return s 15315 } 15316 15317 // SetTargetId sets the TargetId field's value. 15318 func (s *AttachPolicyInput) SetTargetId(v string) *AttachPolicyInput { 15319 s.TargetId = &v 15320 return s 15321 } 15322 15323 type AttachPolicyOutput struct { 15324 _ struct{} `type:"structure"` 15325 } 15326 15327 // String returns the string representation. 15328 // 15329 // API parameter values that are decorated as "sensitive" in the API will not 15330 // be included in the string output. The member name will be present, but the 15331 // value will be replaced with "sensitive". 15332 func (s AttachPolicyOutput) String() string { 15333 return awsutil.Prettify(s) 15334 } 15335 15336 // GoString returns the string representation. 15337 // 15338 // API parameter values that are decorated as "sensitive" in the API will not 15339 // be included in the string output. The member name will be present, but the 15340 // value will be replaced with "sensitive". 15341 func (s AttachPolicyOutput) GoString() string { 15342 return s.String() 15343 } 15344 15345 type CancelHandshakeInput struct { 15346 _ struct{} `type:"structure"` 15347 15348 // The unique identifier (ID) of the handshake that you want to cancel. You 15349 // can get the ID from the ListHandshakesForOrganization operation. 15350 // 15351 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 15352 // requires "h-" followed by from 8 to 32 lowercase letters or digits. 15353 // 15354 // HandshakeId is a required field 15355 HandshakeId *string `type:"string" required:"true"` 15356 } 15357 15358 // String returns the string representation. 15359 // 15360 // API parameter values that are decorated as "sensitive" in the API will not 15361 // be included in the string output. The member name will be present, but the 15362 // value will be replaced with "sensitive". 15363 func (s CancelHandshakeInput) String() string { 15364 return awsutil.Prettify(s) 15365 } 15366 15367 // GoString returns the string representation. 15368 // 15369 // API parameter values that are decorated as "sensitive" in the API will not 15370 // be included in the string output. The member name will be present, but the 15371 // value will be replaced with "sensitive". 15372 func (s CancelHandshakeInput) GoString() string { 15373 return s.String() 15374 } 15375 15376 // Validate inspects the fields of the type to determine if they are valid. 15377 func (s *CancelHandshakeInput) Validate() error { 15378 invalidParams := request.ErrInvalidParams{Context: "CancelHandshakeInput"} 15379 if s.HandshakeId == nil { 15380 invalidParams.Add(request.NewErrParamRequired("HandshakeId")) 15381 } 15382 15383 if invalidParams.Len() > 0 { 15384 return invalidParams 15385 } 15386 return nil 15387 } 15388 15389 // SetHandshakeId sets the HandshakeId field's value. 15390 func (s *CancelHandshakeInput) SetHandshakeId(v string) *CancelHandshakeInput { 15391 s.HandshakeId = &v 15392 return s 15393 } 15394 15395 type CancelHandshakeOutput struct { 15396 _ struct{} `type:"structure"` 15397 15398 // A structure that contains details about the handshake that you canceled. 15399 Handshake *Handshake `type:"structure"` 15400 } 15401 15402 // String returns the string representation. 15403 // 15404 // API parameter values that are decorated as "sensitive" in the API will not 15405 // be included in the string output. The member name will be present, but the 15406 // value will be replaced with "sensitive". 15407 func (s CancelHandshakeOutput) String() string { 15408 return awsutil.Prettify(s) 15409 } 15410 15411 // GoString returns the string representation. 15412 // 15413 // API parameter values that are decorated as "sensitive" in the API will not 15414 // be included in the string output. The member name will be present, but the 15415 // value will be replaced with "sensitive". 15416 func (s CancelHandshakeOutput) GoString() string { 15417 return s.String() 15418 } 15419 15420 // SetHandshake sets the Handshake field's value. 15421 func (s *CancelHandshakeOutput) SetHandshake(v *Handshake) *CancelHandshakeOutput { 15422 s.Handshake = v 15423 return s 15424 } 15425 15426 // Contains a list of child entities, either OUs or accounts. 15427 type Child struct { 15428 _ struct{} `type:"structure"` 15429 15430 // The unique identifier (ID) of this child entity. 15431 // 15432 // The regex pattern (http://wikipedia.org/wiki/regex) for a child ID string 15433 // requires one of the following: 15434 // 15435 // * Account - A string that consists of exactly 12 digits. 15436 // 15437 // * Organizational unit (OU) - A string that begins with "ou-" followed 15438 // by from 4 to 32 lowercase letters or digits (the ID of the root that contains 15439 // the OU). This string is followed by a second "-" dash and from 8 to 32 15440 // additional lowercase letters or digits. 15441 Id *string `type:"string"` 15442 15443 // The type of this child entity. 15444 Type *string `type:"string" enum:"ChildType"` 15445 } 15446 15447 // String returns the string representation. 15448 // 15449 // API parameter values that are decorated as "sensitive" in the API will not 15450 // be included in the string output. The member name will be present, but the 15451 // value will be replaced with "sensitive". 15452 func (s Child) String() string { 15453 return awsutil.Prettify(s) 15454 } 15455 15456 // GoString returns the string representation. 15457 // 15458 // API parameter values that are decorated as "sensitive" in the API will not 15459 // be included in the string output. The member name will be present, but the 15460 // value will be replaced with "sensitive". 15461 func (s Child) GoString() string { 15462 return s.String() 15463 } 15464 15465 // SetId sets the Id field's value. 15466 func (s *Child) SetId(v string) *Child { 15467 s.Id = &v 15468 return s 15469 } 15470 15471 // SetType sets the Type field's value. 15472 func (s *Child) SetType(v string) *Child { 15473 s.Type = &v 15474 return s 15475 } 15476 15477 // We can't find an organizational unit (OU) or AWS account with the ChildId 15478 // that you specified. 15479 type ChildNotFoundException struct { 15480 _ struct{} `type:"structure"` 15481 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 15482 15483 Message_ *string `locationName:"Message" type:"string"` 15484 } 15485 15486 // String returns the string representation. 15487 // 15488 // API parameter values that are decorated as "sensitive" in the API will not 15489 // be included in the string output. The member name will be present, but the 15490 // value will be replaced with "sensitive". 15491 func (s ChildNotFoundException) String() string { 15492 return awsutil.Prettify(s) 15493 } 15494 15495 // GoString returns the string representation. 15496 // 15497 // API parameter values that are decorated as "sensitive" in the API will not 15498 // be included in the string output. The member name will be present, but the 15499 // value will be replaced with "sensitive". 15500 func (s ChildNotFoundException) GoString() string { 15501 return s.String() 15502 } 15503 15504 func newErrorChildNotFoundException(v protocol.ResponseMetadata) error { 15505 return &ChildNotFoundException{ 15506 RespMetadata: v, 15507 } 15508 } 15509 15510 // Code returns the exception type name. 15511 func (s *ChildNotFoundException) Code() string { 15512 return "ChildNotFoundException" 15513 } 15514 15515 // Message returns the exception's message. 15516 func (s *ChildNotFoundException) Message() string { 15517 if s.Message_ != nil { 15518 return *s.Message_ 15519 } 15520 return "" 15521 } 15522 15523 // OrigErr always returns nil, satisfies awserr.Error interface. 15524 func (s *ChildNotFoundException) OrigErr() error { 15525 return nil 15526 } 15527 15528 func (s *ChildNotFoundException) Error() string { 15529 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 15530 } 15531 15532 // Status code returns the HTTP status code for the request's response error. 15533 func (s *ChildNotFoundException) StatusCode() int { 15534 return s.RespMetadata.StatusCode 15535 } 15536 15537 // RequestID returns the service's response RequestID for request. 15538 func (s *ChildNotFoundException) RequestID() string { 15539 return s.RespMetadata.RequestID 15540 } 15541 15542 // The target of the operation is currently being modified by a different request. 15543 // Try again later. 15544 type ConcurrentModificationException struct { 15545 _ struct{} `type:"structure"` 15546 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 15547 15548 Message_ *string `locationName:"Message" type:"string"` 15549 } 15550 15551 // String returns the string representation. 15552 // 15553 // API parameter values that are decorated as "sensitive" in the API will not 15554 // be included in the string output. The member name will be present, but the 15555 // value will be replaced with "sensitive". 15556 func (s ConcurrentModificationException) String() string { 15557 return awsutil.Prettify(s) 15558 } 15559 15560 // GoString returns the string representation. 15561 // 15562 // API parameter values that are decorated as "sensitive" in the API will not 15563 // be included in the string output. The member name will be present, but the 15564 // value will be replaced with "sensitive". 15565 func (s ConcurrentModificationException) GoString() string { 15566 return s.String() 15567 } 15568 15569 func newErrorConcurrentModificationException(v protocol.ResponseMetadata) error { 15570 return &ConcurrentModificationException{ 15571 RespMetadata: v, 15572 } 15573 } 15574 15575 // Code returns the exception type name. 15576 func (s *ConcurrentModificationException) Code() string { 15577 return "ConcurrentModificationException" 15578 } 15579 15580 // Message returns the exception's message. 15581 func (s *ConcurrentModificationException) Message() string { 15582 if s.Message_ != nil { 15583 return *s.Message_ 15584 } 15585 return "" 15586 } 15587 15588 // OrigErr always returns nil, satisfies awserr.Error interface. 15589 func (s *ConcurrentModificationException) OrigErr() error { 15590 return nil 15591 } 15592 15593 func (s *ConcurrentModificationException) Error() string { 15594 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 15595 } 15596 15597 // Status code returns the HTTP status code for the request's response error. 15598 func (s *ConcurrentModificationException) StatusCode() int { 15599 return s.RespMetadata.StatusCode 15600 } 15601 15602 // RequestID returns the service's response RequestID for request. 15603 func (s *ConcurrentModificationException) RequestID() string { 15604 return s.RespMetadata.RequestID 15605 } 15606 15607 // Performing this operation violates a minimum or maximum value limit. For 15608 // example, attempting to remove the last service control policy (SCP) from 15609 // an OU or root, inviting or creating too many accounts to the organization, 15610 // or attaching too many policies to an account, OU, or root. This exception 15611 // includes a reason that contains additional information about the violated 15612 // limit: 15613 // 15614 // Some of the reasons in the following list might not be applicable to this 15615 // specific API or operation. 15616 // 15617 // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management 15618 // account from the organization. You can't remove the management account. 15619 // Instead, after you remove all member accounts, delete the organization 15620 // itself. 15621 // 15622 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account 15623 // from the organization that doesn't yet have enough information to exist 15624 // as a standalone account. This account requires you to first agree to the 15625 // AWS Customer Agreement. Follow the steps at Removing a member account 15626 // from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in 15627 // the AWS Organizations User Guide. 15628 // 15629 // * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove 15630 // an account from the organization that doesn't yet have enough information 15631 // to exist as a standalone account. This account requires you to first complete 15632 // phone verification. Follow the steps at Removing a member account from 15633 // your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master) 15634 // in the AWS Organizations User Guide. 15635 // 15636 // * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number 15637 // of accounts that you can create in one day. 15638 // 15639 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 15640 // the number of accounts in an organization. If you need more accounts, 15641 // contact AWS Support (https://console.aws.amazon.com/support/home#/) to 15642 // request an increase in your limit. Or the number of invitations that you 15643 // tried to send would cause you to exceed the limit of accounts in your 15644 // organization. Send fewer invitations or contact AWS Support to request 15645 // an increase in the number of accounts. Deleted and closed accounts still 15646 // count toward your limit. If you get this exception when running a command 15647 // immediately after creating the organization, wait one hour and try again. 15648 // After an hour, if the command continues to fail with this error, contact 15649 // AWS Support (https://console.aws.amazon.com/support/home#/). 15650 // 15651 // * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to 15652 // register the management account of the organization as a delegated administrator 15653 // for an AWS service integrated with Organizations. You can designate only 15654 // a member account as a delegated administrator. 15655 // 15656 // * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove 15657 // an account that is registered as a delegated administrator for a service 15658 // integrated with your organization. To complete this operation, you must 15659 // first deregister this account as a delegated administrator. 15660 // 15661 // * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an 15662 // organization in the specified region, you must enable all features mode. 15663 // 15664 // * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register 15665 // an AWS account as a delegated administrator for an AWS service that already 15666 // has a delegated administrator. To complete this operation, you must first 15667 // deregister any existing delegated administrators for this service. 15668 // 15669 // * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only 15670 // valid for a limited period of time. You must resubmit the request and 15671 // generate a new verfication code. 15672 // 15673 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 15674 // handshakes that you can send in one day. 15675 // 15676 // * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account 15677 // in this organization, you first must migrate the organization's management 15678 // account to the marketplace that corresponds to the management account's 15679 // address. For example, accounts with India addresses must be associated 15680 // with the AISPL marketplace. All accounts in an organization must be associated 15681 // with the same marketplace. 15682 // 15683 // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions 15684 // in China. To create an organization, the master must have a valid business 15685 // license. For more information, contact customer support. 15686 // 15687 // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 15688 // must first provide a valid contact address and phone number for the management 15689 // account. Then try the operation again. 15690 // 15691 // * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the 15692 // management account must have an associated account in the AWS GovCloud 15693 // (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html) 15694 // in the AWS GovCloud User Guide. 15695 // 15696 // * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization 15697 // with this management account, you first must associate a valid payment 15698 // instrument, such as a credit card, with the account. Follow the steps 15699 // at To leave an organization when all required account information has 15700 // not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 15701 // in the AWS Organizations User Guide. 15702 // 15703 // * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted 15704 // to register more delegated administrators than allowed for the service 15705 // principal. 15706 // 15707 // * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the 15708 // number of policies of a certain type that can be attached to an entity 15709 // at one time. 15710 // 15711 // * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed 15712 // on this resource. 15713 // 15714 // * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation 15715 // with this member account, you first must associate a valid payment instrument, 15716 // such as a credit card, with the account. Follow the steps at To leave 15717 // an organization when all required account information has not yet been 15718 // provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) 15719 // in the AWS Organizations User Guide. 15720 // 15721 // * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a 15722 // policy from an entity that would cause the entity to have fewer than the 15723 // minimum number of policies of a certain type required. 15724 // 15725 // * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation 15726 // that requires the organization to be configured to support all features. 15727 // An organization that supports only consolidated billing features can't 15728 // perform this operation. 15729 // 15730 // * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is 15731 // too many levels deep. 15732 // 15733 // * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs 15734 // that you can have in an organization. 15735 // 15736 // * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that 15737 // is larger than the maximum size. 15738 // 15739 // * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of 15740 // policies that you can have in an organization. 15741 // 15742 // * TAG_POLICY_VIOLATION: You attempted to create or update a resource with 15743 // tags that are not compliant with the tag policy requirements for this 15744 // account. 15745 type ConstraintViolationException struct { 15746 _ struct{} `type:"structure"` 15747 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 15748 15749 Message_ *string `locationName:"Message" type:"string"` 15750 15751 Reason *string `type:"string" enum:"ConstraintViolationExceptionReason"` 15752 } 15753 15754 // String returns the string representation. 15755 // 15756 // API parameter values that are decorated as "sensitive" in the API will not 15757 // be included in the string output. The member name will be present, but the 15758 // value will be replaced with "sensitive". 15759 func (s ConstraintViolationException) String() string { 15760 return awsutil.Prettify(s) 15761 } 15762 15763 // GoString returns the string representation. 15764 // 15765 // API parameter values that are decorated as "sensitive" in the API will not 15766 // be included in the string output. The member name will be present, but the 15767 // value will be replaced with "sensitive". 15768 func (s ConstraintViolationException) GoString() string { 15769 return s.String() 15770 } 15771 15772 func newErrorConstraintViolationException(v protocol.ResponseMetadata) error { 15773 return &ConstraintViolationException{ 15774 RespMetadata: v, 15775 } 15776 } 15777 15778 // Code returns the exception type name. 15779 func (s *ConstraintViolationException) Code() string { 15780 return "ConstraintViolationException" 15781 } 15782 15783 // Message returns the exception's message. 15784 func (s *ConstraintViolationException) Message() string { 15785 if s.Message_ != nil { 15786 return *s.Message_ 15787 } 15788 return "" 15789 } 15790 15791 // OrigErr always returns nil, satisfies awserr.Error interface. 15792 func (s *ConstraintViolationException) OrigErr() error { 15793 return nil 15794 } 15795 15796 func (s *ConstraintViolationException) Error() string { 15797 return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) 15798 } 15799 15800 // Status code returns the HTTP status code for the request's response error. 15801 func (s *ConstraintViolationException) StatusCode() int { 15802 return s.RespMetadata.StatusCode 15803 } 15804 15805 // RequestID returns the service's response RequestID for request. 15806 func (s *ConstraintViolationException) RequestID() string { 15807 return s.RespMetadata.RequestID 15808 } 15809 15810 type CreateAccountInput struct { 15811 _ struct{} `type:"structure"` 15812 15813 // The friendly name of the member account. 15814 // 15815 // AccountName is a sensitive parameter and its value will be 15816 // replaced with "sensitive" in string returned by CreateAccountInput's 15817 // String and GoString methods. 15818 // 15819 // AccountName is a required field 15820 AccountName *string `min:"1" type:"string" required:"true" sensitive:"true"` 15821 15822 // The email address of the owner to assign to the new member account. This 15823 // email address must not already be associated with another AWS account. You 15824 // must use a valid email address to complete account creation. You can't access 15825 // the root user of the account or remove an account that was created with an 15826 // invalid email address. 15827 // 15828 // Email is a sensitive parameter and its value will be 15829 // replaced with "sensitive" in string returned by CreateAccountInput's 15830 // String and GoString methods. 15831 // 15832 // Email is a required field 15833 Email *string `min:"6" type:"string" required:"true" sensitive:"true"` 15834 15835 // If set to ALLOW, the new account enables IAM users to access account billing 15836 // information if they have the required permissions. If set to DENY, only the 15837 // root user of the new account can access account billing information. For 15838 // more information, see Activating Access to the Billing and Cost Management 15839 // Console (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) 15840 // in the AWS Billing and Cost Management User Guide. 15841 // 15842 // If you don't specify this parameter, the value defaults to ALLOW, and IAM 15843 // users and roles with the required permissions can access billing information 15844 // for the new account. 15845 IamUserAccessToBilling *string `type:"string" enum:"IAMUserAccessToBilling"` 15846 15847 // (Optional) 15848 // 15849 // The name of an IAM role that AWS Organizations automatically preconfigures 15850 // in the new member account. This role trusts the management account, allowing 15851 // users in the management account to assume the role, as permitted by the management 15852 // account administrator. The role has administrator permissions in the new 15853 // member account. 15854 // 15855 // If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole. 15856 // 15857 // For more information about how to use this role to access the member account, 15858 // see the following links: 15859 // 15860 // * Accessing and Administering the Member Accounts in Your Organization 15861 // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role) 15862 // in the AWS Organizations User Guide 15863 // 15864 // * Steps 2 and 3 in Tutorial: Delegate Access Across AWS Accounts Using 15865 // IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html) 15866 // in the IAM User Guide 15867 // 15868 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 15869 // this parameter. The pattern can include uppercase letters, lowercase letters, 15870 // digits with no spaces, and any of the following characters: =,.@- 15871 RoleName *string `type:"string"` 15872 15873 // A list of tags that you want to attach to the newly created account. For 15874 // each tag in the list, you must specify both a tag key and a value. You can 15875 // set the value to an empty string, but you can't set it to null. For more 15876 // information about tagging, see Tagging AWS Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) 15877 // in the AWS Organizations User Guide. 15878 // 15879 // If any one of the tags is invalid or if you exceed the allowed number of 15880 // tags for an account, then the entire request fails and the account is not 15881 // created. 15882 Tags []*Tag `type:"list"` 15883 } 15884 15885 // String returns the string representation. 15886 // 15887 // API parameter values that are decorated as "sensitive" in the API will not 15888 // be included in the string output. The member name will be present, but the 15889 // value will be replaced with "sensitive". 15890 func (s CreateAccountInput) String() string { 15891 return awsutil.Prettify(s) 15892 } 15893 15894 // GoString returns the string representation. 15895 // 15896 // API parameter values that are decorated as "sensitive" in the API will not 15897 // be included in the string output. The member name will be present, but the 15898 // value will be replaced with "sensitive". 15899 func (s CreateAccountInput) GoString() string { 15900 return s.String() 15901 } 15902 15903 // Validate inspects the fields of the type to determine if they are valid. 15904 func (s *CreateAccountInput) Validate() error { 15905 invalidParams := request.ErrInvalidParams{Context: "CreateAccountInput"} 15906 if s.AccountName == nil { 15907 invalidParams.Add(request.NewErrParamRequired("AccountName")) 15908 } 15909 if s.AccountName != nil && len(*s.AccountName) < 1 { 15910 invalidParams.Add(request.NewErrParamMinLen("AccountName", 1)) 15911 } 15912 if s.Email == nil { 15913 invalidParams.Add(request.NewErrParamRequired("Email")) 15914 } 15915 if s.Email != nil && len(*s.Email) < 6 { 15916 invalidParams.Add(request.NewErrParamMinLen("Email", 6)) 15917 } 15918 if s.Tags != nil { 15919 for i, v := range s.Tags { 15920 if v == nil { 15921 continue 15922 } 15923 if err := v.Validate(); err != nil { 15924 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 15925 } 15926 } 15927 } 15928 15929 if invalidParams.Len() > 0 { 15930 return invalidParams 15931 } 15932 return nil 15933 } 15934 15935 // SetAccountName sets the AccountName field's value. 15936 func (s *CreateAccountInput) SetAccountName(v string) *CreateAccountInput { 15937 s.AccountName = &v 15938 return s 15939 } 15940 15941 // SetEmail sets the Email field's value. 15942 func (s *CreateAccountInput) SetEmail(v string) *CreateAccountInput { 15943 s.Email = &v 15944 return s 15945 } 15946 15947 // SetIamUserAccessToBilling sets the IamUserAccessToBilling field's value. 15948 func (s *CreateAccountInput) SetIamUserAccessToBilling(v string) *CreateAccountInput { 15949 s.IamUserAccessToBilling = &v 15950 return s 15951 } 15952 15953 // SetRoleName sets the RoleName field's value. 15954 func (s *CreateAccountInput) SetRoleName(v string) *CreateAccountInput { 15955 s.RoleName = &v 15956 return s 15957 } 15958 15959 // SetTags sets the Tags field's value. 15960 func (s *CreateAccountInput) SetTags(v []*Tag) *CreateAccountInput { 15961 s.Tags = v 15962 return s 15963 } 15964 15965 type CreateAccountOutput struct { 15966 _ struct{} `type:"structure"` 15967 15968 // A structure that contains details about the request to create an account. 15969 // This response structure might not be fully populated when you first receive 15970 // it because account creation is an asynchronous process. You can pass the 15971 // returned CreateAccountStatus ID as a parameter to DescribeCreateAccountStatus 15972 // to get status about the progress of the request at later times. You can also 15973 // check the AWS CloudTrail log for the CreateAccountResult event. For more 15974 // information, see Monitoring the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html) 15975 // in the AWS Organizations User Guide. 15976 CreateAccountStatus *CreateAccountStatus `type:"structure"` 15977 } 15978 15979 // String returns the string representation. 15980 // 15981 // API parameter values that are decorated as "sensitive" in the API will not 15982 // be included in the string output. The member name will be present, but the 15983 // value will be replaced with "sensitive". 15984 func (s CreateAccountOutput) String() string { 15985 return awsutil.Prettify(s) 15986 } 15987 15988 // GoString returns the string representation. 15989 // 15990 // API parameter values that are decorated as "sensitive" in the API will not 15991 // be included in the string output. The member name will be present, but the 15992 // value will be replaced with "sensitive". 15993 func (s CreateAccountOutput) GoString() string { 15994 return s.String() 15995 } 15996 15997 // SetCreateAccountStatus sets the CreateAccountStatus field's value. 15998 func (s *CreateAccountOutput) SetCreateAccountStatus(v *CreateAccountStatus) *CreateAccountOutput { 15999 s.CreateAccountStatus = v 16000 return s 16001 } 16002 16003 // Contains the status about a CreateAccount or CreateGovCloudAccount request 16004 // to create an AWS account or an AWS GovCloud (US) account in an organization. 16005 type CreateAccountStatus struct { 16006 _ struct{} `type:"structure"` 16007 16008 // If the account was created successfully, the unique identifier (ID) of the 16009 // new account. 16010 // 16011 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 16012 // requires exactly 12 digits. 16013 AccountId *string `type:"string"` 16014 16015 // The account name given to the account when it was created. 16016 // 16017 // AccountName is a sensitive parameter and its value will be 16018 // replaced with "sensitive" in string returned by CreateAccountStatus's 16019 // String and GoString methods. 16020 AccountName *string `min:"1" type:"string" sensitive:"true"` 16021 16022 // The date and time that the account was created and the request completed. 16023 CompletedTimestamp *time.Time `type:"timestamp"` 16024 16025 // If the request failed, a description of the reason for the failure. 16026 // 16027 // * ACCOUNT_LIMIT_EXCEEDED: The account couldn't be created because you 16028 // reached the limit on the number of accounts in your organization. 16029 // 16030 // * CONCURRENT_ACCOUNT_MODIFICATION: You already submitted a request with 16031 // the same information. 16032 // 16033 // * EMAIL_ALREADY_EXISTS: The account could not be created because another 16034 // AWS account with that email address already exists. 16035 // 16036 // * FAILED_BUSINESS_VALIDATION: The AWS account that owns your organization 16037 // failed to receive business license validation. 16038 // 16039 // * GOVCLOUD_ACCOUNT_ALREADY_EXISTS: The account in the AWS GovCloud (US) 16040 // Region could not be created because this Region already includes an account 16041 // with that email address. 16042 // 16043 // * IDENTITY_INVALID_BUSINESS_VALIDATION: The AWS account that owns your 16044 // organization can't complete business license validation because it doesn't 16045 // have valid identity data. 16046 // 16047 // * INVALID_ADDRESS: The account could not be created because the address 16048 // you provided is not valid. 16049 // 16050 // * INVALID_EMAIL: The account could not be created because the email address 16051 // you provided is not valid. 16052 // 16053 // * INTERNAL_FAILURE: The account could not be created because of an internal 16054 // failure. Try again later. If the problem persists, contact AWS Customer 16055 // Support. 16056 // 16057 // * MISSING_BUSINESS_VALIDATION: The AWS account that owns your organization 16058 // has not received Business Validation. 16059 // 16060 // * MISSING_PAYMENT_INSTRUMENT: You must configure the management account 16061 // with a valid payment method, such as a credit card. 16062 // 16063 // * PENDING_BUSINESS_VALIDATION: The AWS account that owns your organization 16064 // is still in the process of completing business license validation. 16065 // 16066 // * UNKNOWN_BUSINESS_VALIDATION: The AWS account that owns your organization 16067 // has an unknown issue with business license validation. 16068 FailureReason *string `type:"string" enum:"CreateAccountFailureReason"` 16069 16070 // If the account was created successfully, the unique identifier (ID) of the 16071 // new account in the AWS GovCloud (US) Region. 16072 GovCloudAccountId *string `type:"string"` 16073 16074 // The unique identifier (ID) that references this request. You get this value 16075 // from the response of the initial CreateAccount request to create the account. 16076 // 16077 // The regex pattern (http://wikipedia.org/wiki/regex) for a create account 16078 // request ID string requires "car-" followed by from 8 to 32 lowercase letters 16079 // or digits. 16080 Id *string `type:"string"` 16081 16082 // The date and time that the request was made for the account creation. 16083 RequestedTimestamp *time.Time `type:"timestamp"` 16084 16085 // The status of the asynchronous request to create an AWS account. 16086 State *string `type:"string" enum:"CreateAccountState"` 16087 } 16088 16089 // String returns the string representation. 16090 // 16091 // API parameter values that are decorated as "sensitive" in the API will not 16092 // be included in the string output. The member name will be present, but the 16093 // value will be replaced with "sensitive". 16094 func (s CreateAccountStatus) String() string { 16095 return awsutil.Prettify(s) 16096 } 16097 16098 // GoString returns the string representation. 16099 // 16100 // API parameter values that are decorated as "sensitive" in the API will not 16101 // be included in the string output. The member name will be present, but the 16102 // value will be replaced with "sensitive". 16103 func (s CreateAccountStatus) GoString() string { 16104 return s.String() 16105 } 16106 16107 // SetAccountId sets the AccountId field's value. 16108 func (s *CreateAccountStatus) SetAccountId(v string) *CreateAccountStatus { 16109 s.AccountId = &v 16110 return s 16111 } 16112 16113 // SetAccountName sets the AccountName field's value. 16114 func (s *CreateAccountStatus) SetAccountName(v string) *CreateAccountStatus { 16115 s.AccountName = &v 16116 return s 16117 } 16118 16119 // SetCompletedTimestamp sets the CompletedTimestamp field's value. 16120 func (s *CreateAccountStatus) SetCompletedTimestamp(v time.Time) *CreateAccountStatus { 16121 s.CompletedTimestamp = &v 16122 return s 16123 } 16124 16125 // SetFailureReason sets the FailureReason field's value. 16126 func (s *CreateAccountStatus) SetFailureReason(v string) *CreateAccountStatus { 16127 s.FailureReason = &v 16128 return s 16129 } 16130 16131 // SetGovCloudAccountId sets the GovCloudAccountId field's value. 16132 func (s *CreateAccountStatus) SetGovCloudAccountId(v string) *CreateAccountStatus { 16133 s.GovCloudAccountId = &v 16134 return s 16135 } 16136 16137 // SetId sets the Id field's value. 16138 func (s *CreateAccountStatus) SetId(v string) *CreateAccountStatus { 16139 s.Id = &v 16140 return s 16141 } 16142 16143 // SetRequestedTimestamp sets the RequestedTimestamp field's value. 16144 func (s *CreateAccountStatus) SetRequestedTimestamp(v time.Time) *CreateAccountStatus { 16145 s.RequestedTimestamp = &v 16146 return s 16147 } 16148 16149 // SetState sets the State field's value. 16150 func (s *CreateAccountStatus) SetState(v string) *CreateAccountStatus { 16151 s.State = &v 16152 return s 16153 } 16154 16155 // We can't find an create account request with the CreateAccountRequestId that 16156 // you specified. 16157 type CreateAccountStatusNotFoundException struct { 16158 _ struct{} `type:"structure"` 16159 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 16160 16161 Message_ *string `locationName:"Message" type:"string"` 16162 } 16163 16164 // String returns the string representation. 16165 // 16166 // API parameter values that are decorated as "sensitive" in the API will not 16167 // be included in the string output. The member name will be present, but the 16168 // value will be replaced with "sensitive". 16169 func (s CreateAccountStatusNotFoundException) String() string { 16170 return awsutil.Prettify(s) 16171 } 16172 16173 // GoString returns the string representation. 16174 // 16175 // API parameter values that are decorated as "sensitive" in the API will not 16176 // be included in the string output. The member name will be present, but the 16177 // value will be replaced with "sensitive". 16178 func (s CreateAccountStatusNotFoundException) GoString() string { 16179 return s.String() 16180 } 16181 16182 func newErrorCreateAccountStatusNotFoundException(v protocol.ResponseMetadata) error { 16183 return &CreateAccountStatusNotFoundException{ 16184 RespMetadata: v, 16185 } 16186 } 16187 16188 // Code returns the exception type name. 16189 func (s *CreateAccountStatusNotFoundException) Code() string { 16190 return "CreateAccountStatusNotFoundException" 16191 } 16192 16193 // Message returns the exception's message. 16194 func (s *CreateAccountStatusNotFoundException) Message() string { 16195 if s.Message_ != nil { 16196 return *s.Message_ 16197 } 16198 return "" 16199 } 16200 16201 // OrigErr always returns nil, satisfies awserr.Error interface. 16202 func (s *CreateAccountStatusNotFoundException) OrigErr() error { 16203 return nil 16204 } 16205 16206 func (s *CreateAccountStatusNotFoundException) Error() string { 16207 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 16208 } 16209 16210 // Status code returns the HTTP status code for the request's response error. 16211 func (s *CreateAccountStatusNotFoundException) StatusCode() int { 16212 return s.RespMetadata.StatusCode 16213 } 16214 16215 // RequestID returns the service's response RequestID for request. 16216 func (s *CreateAccountStatusNotFoundException) RequestID() string { 16217 return s.RespMetadata.RequestID 16218 } 16219 16220 type CreateGovCloudAccountInput struct { 16221 _ struct{} `type:"structure"` 16222 16223 // The friendly name of the member account. 16224 // 16225 // AccountName is a sensitive parameter and its value will be 16226 // replaced with "sensitive" in string returned by CreateGovCloudAccountInput's 16227 // String and GoString methods. 16228 // 16229 // AccountName is a required field 16230 AccountName *string `min:"1" type:"string" required:"true" sensitive:"true"` 16231 16232 // The email address of the owner to assign to the new member account in the 16233 // commercial Region. This email address must not already be associated with 16234 // another AWS account. You must use a valid email address to complete account 16235 // creation. You can't access the root user of the account or remove an account 16236 // that was created with an invalid email address. Like all request parameters 16237 // for CreateGovCloudAccount, the request for the email address for the AWS 16238 // GovCloud (US) account originates from the commercial Region, not from the 16239 // AWS GovCloud (US) Region. 16240 // 16241 // Email is a sensitive parameter and its value will be 16242 // replaced with "sensitive" in string returned by CreateGovCloudAccountInput's 16243 // String and GoString methods. 16244 // 16245 // Email is a required field 16246 Email *string `min:"6" type:"string" required:"true" sensitive:"true"` 16247 16248 // If set to ALLOW, the new linked account in the commercial Region enables 16249 // IAM users to access account billing information if they have the required 16250 // permissions. If set to DENY, only the root user of the new account can access 16251 // account billing information. For more information, see Activating Access 16252 // to the Billing and Cost Management Console (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) 16253 // in the AWS Billing and Cost Management User Guide. 16254 // 16255 // If you don't specify this parameter, the value defaults to ALLOW, and IAM 16256 // users and roles with the required permissions can access billing information 16257 // for the new account. 16258 IamUserAccessToBilling *string `type:"string" enum:"IAMUserAccessToBilling"` 16259 16260 // (Optional) 16261 // 16262 // The name of an IAM role that AWS Organizations automatically preconfigures 16263 // in the new member accounts in both the AWS GovCloud (US) Region and in the 16264 // commercial Region. This role trusts the management account, allowing users 16265 // in the management account to assume the role, as permitted by the management 16266 // account administrator. The role has administrator permissions in the new 16267 // member account. 16268 // 16269 // If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole. 16270 // 16271 // For more information about how to use this role to access the member account, 16272 // see Accessing and Administering the Member Accounts in Your Organization 16273 // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role) 16274 // in the AWS Organizations User Guide and steps 2 and 3 in Tutorial: Delegate 16275 // Access Across AWS Accounts Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html) 16276 // in the IAM User Guide. 16277 // 16278 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 16279 // this parameter. The pattern can include uppercase letters, lowercase letters, 16280 // digits with no spaces, and any of the following characters: =,.@- 16281 RoleName *string `type:"string"` 16282 16283 // A list of tags that you want to attach to the newly created account. These 16284 // tags are attached to the commercial account associated with the GovCloud 16285 // account, and not to the GovCloud account itself. To add tags to the actual 16286 // GovCloud account, call the TagResource operation in the GovCloud region after 16287 // the new GovCloud account exists. 16288 // 16289 // For each tag in the list, you must specify both a tag key and a value. You 16290 // can set the value to an empty string, but you can't set it to null. For more 16291 // information about tagging, see Tagging AWS Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) 16292 // in the AWS Organizations User Guide. 16293 // 16294 // If any one of the tags is invalid or if you exceed the allowed number of 16295 // tags for an account, then the entire request fails and the account is not 16296 // created. 16297 Tags []*Tag `type:"list"` 16298 } 16299 16300 // String returns the string representation. 16301 // 16302 // API parameter values that are decorated as "sensitive" in the API will not 16303 // be included in the string output. The member name will be present, but the 16304 // value will be replaced with "sensitive". 16305 func (s CreateGovCloudAccountInput) String() string { 16306 return awsutil.Prettify(s) 16307 } 16308 16309 // GoString returns the string representation. 16310 // 16311 // API parameter values that are decorated as "sensitive" in the API will not 16312 // be included in the string output. The member name will be present, but the 16313 // value will be replaced with "sensitive". 16314 func (s CreateGovCloudAccountInput) GoString() string { 16315 return s.String() 16316 } 16317 16318 // Validate inspects the fields of the type to determine if they are valid. 16319 func (s *CreateGovCloudAccountInput) Validate() error { 16320 invalidParams := request.ErrInvalidParams{Context: "CreateGovCloudAccountInput"} 16321 if s.AccountName == nil { 16322 invalidParams.Add(request.NewErrParamRequired("AccountName")) 16323 } 16324 if s.AccountName != nil && len(*s.AccountName) < 1 { 16325 invalidParams.Add(request.NewErrParamMinLen("AccountName", 1)) 16326 } 16327 if s.Email == nil { 16328 invalidParams.Add(request.NewErrParamRequired("Email")) 16329 } 16330 if s.Email != nil && len(*s.Email) < 6 { 16331 invalidParams.Add(request.NewErrParamMinLen("Email", 6)) 16332 } 16333 if s.Tags != nil { 16334 for i, v := range s.Tags { 16335 if v == nil { 16336 continue 16337 } 16338 if err := v.Validate(); err != nil { 16339 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 16340 } 16341 } 16342 } 16343 16344 if invalidParams.Len() > 0 { 16345 return invalidParams 16346 } 16347 return nil 16348 } 16349 16350 // SetAccountName sets the AccountName field's value. 16351 func (s *CreateGovCloudAccountInput) SetAccountName(v string) *CreateGovCloudAccountInput { 16352 s.AccountName = &v 16353 return s 16354 } 16355 16356 // SetEmail sets the Email field's value. 16357 func (s *CreateGovCloudAccountInput) SetEmail(v string) *CreateGovCloudAccountInput { 16358 s.Email = &v 16359 return s 16360 } 16361 16362 // SetIamUserAccessToBilling sets the IamUserAccessToBilling field's value. 16363 func (s *CreateGovCloudAccountInput) SetIamUserAccessToBilling(v string) *CreateGovCloudAccountInput { 16364 s.IamUserAccessToBilling = &v 16365 return s 16366 } 16367 16368 // SetRoleName sets the RoleName field's value. 16369 func (s *CreateGovCloudAccountInput) SetRoleName(v string) *CreateGovCloudAccountInput { 16370 s.RoleName = &v 16371 return s 16372 } 16373 16374 // SetTags sets the Tags field's value. 16375 func (s *CreateGovCloudAccountInput) SetTags(v []*Tag) *CreateGovCloudAccountInput { 16376 s.Tags = v 16377 return s 16378 } 16379 16380 type CreateGovCloudAccountOutput struct { 16381 _ struct{} `type:"structure"` 16382 16383 // Contains the status about a CreateAccount or CreateGovCloudAccount request 16384 // to create an AWS account or an AWS GovCloud (US) account in an organization. 16385 CreateAccountStatus *CreateAccountStatus `type:"structure"` 16386 } 16387 16388 // String returns the string representation. 16389 // 16390 // API parameter values that are decorated as "sensitive" in the API will not 16391 // be included in the string output. The member name will be present, but the 16392 // value will be replaced with "sensitive". 16393 func (s CreateGovCloudAccountOutput) String() string { 16394 return awsutil.Prettify(s) 16395 } 16396 16397 // GoString returns the string representation. 16398 // 16399 // API parameter values that are decorated as "sensitive" in the API will not 16400 // be included in the string output. The member name will be present, but the 16401 // value will be replaced with "sensitive". 16402 func (s CreateGovCloudAccountOutput) GoString() string { 16403 return s.String() 16404 } 16405 16406 // SetCreateAccountStatus sets the CreateAccountStatus field's value. 16407 func (s *CreateGovCloudAccountOutput) SetCreateAccountStatus(v *CreateAccountStatus) *CreateGovCloudAccountOutput { 16408 s.CreateAccountStatus = v 16409 return s 16410 } 16411 16412 type CreateOrganizationInput struct { 16413 _ struct{} `type:"structure"` 16414 16415 // Specifies the feature set supported by the new organization. Each feature 16416 // set supports different levels of functionality. 16417 // 16418 // * CONSOLIDATED_BILLING: All member accounts have their bills consolidated 16419 // to and paid by the management account. For more information, see Consolidated 16420 // billing (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-cb-only) 16421 // in the AWS Organizations User Guide. The consolidated billing feature 16422 // subset isn't available for organizations in the AWS GovCloud (US) Region. 16423 // 16424 // * ALL: In addition to all the features supported by the consolidated billing 16425 // feature set, the management account can also apply any policy type to 16426 // any member account in the organization. For more information, see All 16427 // features (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-all) 16428 // in the AWS Organizations User Guide. 16429 FeatureSet *string `type:"string" enum:"OrganizationFeatureSet"` 16430 } 16431 16432 // String returns the string representation. 16433 // 16434 // API parameter values that are decorated as "sensitive" in the API will not 16435 // be included in the string output. The member name will be present, but the 16436 // value will be replaced with "sensitive". 16437 func (s CreateOrganizationInput) String() string { 16438 return awsutil.Prettify(s) 16439 } 16440 16441 // GoString returns the string representation. 16442 // 16443 // API parameter values that are decorated as "sensitive" in the API will not 16444 // be included in the string output. The member name will be present, but the 16445 // value will be replaced with "sensitive". 16446 func (s CreateOrganizationInput) GoString() string { 16447 return s.String() 16448 } 16449 16450 // SetFeatureSet sets the FeatureSet field's value. 16451 func (s *CreateOrganizationInput) SetFeatureSet(v string) *CreateOrganizationInput { 16452 s.FeatureSet = &v 16453 return s 16454 } 16455 16456 type CreateOrganizationOutput struct { 16457 _ struct{} `type:"structure"` 16458 16459 // A structure that contains details about the newly created organization. 16460 Organization *Organization `type:"structure"` 16461 } 16462 16463 // String returns the string representation. 16464 // 16465 // API parameter values that are decorated as "sensitive" in the API will not 16466 // be included in the string output. The member name will be present, but the 16467 // value will be replaced with "sensitive". 16468 func (s CreateOrganizationOutput) String() string { 16469 return awsutil.Prettify(s) 16470 } 16471 16472 // GoString returns the string representation. 16473 // 16474 // API parameter values that are decorated as "sensitive" in the API will not 16475 // be included in the string output. The member name will be present, but the 16476 // value will be replaced with "sensitive". 16477 func (s CreateOrganizationOutput) GoString() string { 16478 return s.String() 16479 } 16480 16481 // SetOrganization sets the Organization field's value. 16482 func (s *CreateOrganizationOutput) SetOrganization(v *Organization) *CreateOrganizationOutput { 16483 s.Organization = v 16484 return s 16485 } 16486 16487 type CreateOrganizationalUnitInput struct { 16488 _ struct{} `type:"structure"` 16489 16490 // The friendly name to assign to the new OU. 16491 // 16492 // Name is a required field 16493 Name *string `min:"1" type:"string" required:"true"` 16494 16495 // The unique identifier (ID) of the parent root or OU that you want to create 16496 // the new OU in. 16497 // 16498 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 16499 // requires one of the following: 16500 // 16501 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 16502 // letters or digits. 16503 // 16504 // * Organizational unit (OU) - A string that begins with "ou-" followed 16505 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 16506 // OU is in). This string is followed by a second "-" dash and from 8 to 16507 // 32 additional lowercase letters or digits. 16508 // 16509 // ParentId is a required field 16510 ParentId *string `type:"string" required:"true"` 16511 16512 // A list of tags that you want to attach to the newly created OU. For each 16513 // tag in the list, you must specify both a tag key and a value. You can set 16514 // the value to an empty string, but you can't set it to null. For more information 16515 // about tagging, see Tagging AWS Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) 16516 // in the AWS Organizations User Guide. 16517 // 16518 // If any one of the tags is invalid or if you exceed the allowed number of 16519 // tags for an OU, then the entire request fails and the OU is not created. 16520 Tags []*Tag `type:"list"` 16521 } 16522 16523 // String returns the string representation. 16524 // 16525 // API parameter values that are decorated as "sensitive" in the API will not 16526 // be included in the string output. The member name will be present, but the 16527 // value will be replaced with "sensitive". 16528 func (s CreateOrganizationalUnitInput) String() string { 16529 return awsutil.Prettify(s) 16530 } 16531 16532 // GoString returns the string representation. 16533 // 16534 // API parameter values that are decorated as "sensitive" in the API will not 16535 // be included in the string output. The member name will be present, but the 16536 // value will be replaced with "sensitive". 16537 func (s CreateOrganizationalUnitInput) GoString() string { 16538 return s.String() 16539 } 16540 16541 // Validate inspects the fields of the type to determine if they are valid. 16542 func (s *CreateOrganizationalUnitInput) Validate() error { 16543 invalidParams := request.ErrInvalidParams{Context: "CreateOrganizationalUnitInput"} 16544 if s.Name == nil { 16545 invalidParams.Add(request.NewErrParamRequired("Name")) 16546 } 16547 if s.Name != nil && len(*s.Name) < 1 { 16548 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 16549 } 16550 if s.ParentId == nil { 16551 invalidParams.Add(request.NewErrParamRequired("ParentId")) 16552 } 16553 if s.Tags != nil { 16554 for i, v := range s.Tags { 16555 if v == nil { 16556 continue 16557 } 16558 if err := v.Validate(); err != nil { 16559 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 16560 } 16561 } 16562 } 16563 16564 if invalidParams.Len() > 0 { 16565 return invalidParams 16566 } 16567 return nil 16568 } 16569 16570 // SetName sets the Name field's value. 16571 func (s *CreateOrganizationalUnitInput) SetName(v string) *CreateOrganizationalUnitInput { 16572 s.Name = &v 16573 return s 16574 } 16575 16576 // SetParentId sets the ParentId field's value. 16577 func (s *CreateOrganizationalUnitInput) SetParentId(v string) *CreateOrganizationalUnitInput { 16578 s.ParentId = &v 16579 return s 16580 } 16581 16582 // SetTags sets the Tags field's value. 16583 func (s *CreateOrganizationalUnitInput) SetTags(v []*Tag) *CreateOrganizationalUnitInput { 16584 s.Tags = v 16585 return s 16586 } 16587 16588 type CreateOrganizationalUnitOutput struct { 16589 _ struct{} `type:"structure"` 16590 16591 // A structure that contains details about the newly created OU. 16592 OrganizationalUnit *OrganizationalUnit `type:"structure"` 16593 } 16594 16595 // String returns the string representation. 16596 // 16597 // API parameter values that are decorated as "sensitive" in the API will not 16598 // be included in the string output. The member name will be present, but the 16599 // value will be replaced with "sensitive". 16600 func (s CreateOrganizationalUnitOutput) String() string { 16601 return awsutil.Prettify(s) 16602 } 16603 16604 // GoString returns the string representation. 16605 // 16606 // API parameter values that are decorated as "sensitive" in the API will not 16607 // be included in the string output. The member name will be present, but the 16608 // value will be replaced with "sensitive". 16609 func (s CreateOrganizationalUnitOutput) GoString() string { 16610 return s.String() 16611 } 16612 16613 // SetOrganizationalUnit sets the OrganizationalUnit field's value. 16614 func (s *CreateOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *CreateOrganizationalUnitOutput { 16615 s.OrganizationalUnit = v 16616 return s 16617 } 16618 16619 type CreatePolicyInput struct { 16620 _ struct{} `type:"structure"` 16621 16622 // The policy text content to add to the new policy. The text that you supply 16623 // must adhere to the rules of the policy type you specify in the Type parameter. 16624 // 16625 // Content is a required field 16626 Content *string `min:"1" type:"string" required:"true"` 16627 16628 // An optional description to assign to the policy. 16629 // 16630 // Description is a required field 16631 Description *string `type:"string" required:"true"` 16632 16633 // The friendly name to assign to the policy. 16634 // 16635 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 16636 // this parameter is a string of any of the characters in the ASCII character 16637 // range. 16638 // 16639 // Name is a required field 16640 Name *string `min:"1" type:"string" required:"true"` 16641 16642 // A list of tags that you want to attach to the newly created policy. For each 16643 // tag in the list, you must specify both a tag key and a value. You can set 16644 // the value to an empty string, but you can't set it to null. For more information 16645 // about tagging, see Tagging AWS Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) 16646 // in the AWS Organizations User Guide. 16647 // 16648 // If any one of the tags is invalid or if you exceed the allowed number of 16649 // tags for a policy, then the entire request fails and the policy is not created. 16650 Tags []*Tag `type:"list"` 16651 16652 // The type of policy to create. You can specify one of the following values: 16653 // 16654 // * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html) 16655 // 16656 // * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html) 16657 // 16658 // * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) 16659 // 16660 // * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) 16661 // 16662 // Type is a required field 16663 Type *string `type:"string" required:"true" enum:"PolicyType"` 16664 } 16665 16666 // String returns the string representation. 16667 // 16668 // API parameter values that are decorated as "sensitive" in the API will not 16669 // be included in the string output. The member name will be present, but the 16670 // value will be replaced with "sensitive". 16671 func (s CreatePolicyInput) String() string { 16672 return awsutil.Prettify(s) 16673 } 16674 16675 // GoString returns the string representation. 16676 // 16677 // API parameter values that are decorated as "sensitive" in the API will not 16678 // be included in the string output. The member name will be present, but the 16679 // value will be replaced with "sensitive". 16680 func (s CreatePolicyInput) GoString() string { 16681 return s.String() 16682 } 16683 16684 // Validate inspects the fields of the type to determine if they are valid. 16685 func (s *CreatePolicyInput) Validate() error { 16686 invalidParams := request.ErrInvalidParams{Context: "CreatePolicyInput"} 16687 if s.Content == nil { 16688 invalidParams.Add(request.NewErrParamRequired("Content")) 16689 } 16690 if s.Content != nil && len(*s.Content) < 1 { 16691 invalidParams.Add(request.NewErrParamMinLen("Content", 1)) 16692 } 16693 if s.Description == nil { 16694 invalidParams.Add(request.NewErrParamRequired("Description")) 16695 } 16696 if s.Name == nil { 16697 invalidParams.Add(request.NewErrParamRequired("Name")) 16698 } 16699 if s.Name != nil && len(*s.Name) < 1 { 16700 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 16701 } 16702 if s.Type == nil { 16703 invalidParams.Add(request.NewErrParamRequired("Type")) 16704 } 16705 if s.Tags != nil { 16706 for i, v := range s.Tags { 16707 if v == nil { 16708 continue 16709 } 16710 if err := v.Validate(); err != nil { 16711 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 16712 } 16713 } 16714 } 16715 16716 if invalidParams.Len() > 0 { 16717 return invalidParams 16718 } 16719 return nil 16720 } 16721 16722 // SetContent sets the Content field's value. 16723 func (s *CreatePolicyInput) SetContent(v string) *CreatePolicyInput { 16724 s.Content = &v 16725 return s 16726 } 16727 16728 // SetDescription sets the Description field's value. 16729 func (s *CreatePolicyInput) SetDescription(v string) *CreatePolicyInput { 16730 s.Description = &v 16731 return s 16732 } 16733 16734 // SetName sets the Name field's value. 16735 func (s *CreatePolicyInput) SetName(v string) *CreatePolicyInput { 16736 s.Name = &v 16737 return s 16738 } 16739 16740 // SetTags sets the Tags field's value. 16741 func (s *CreatePolicyInput) SetTags(v []*Tag) *CreatePolicyInput { 16742 s.Tags = v 16743 return s 16744 } 16745 16746 // SetType sets the Type field's value. 16747 func (s *CreatePolicyInput) SetType(v string) *CreatePolicyInput { 16748 s.Type = &v 16749 return s 16750 } 16751 16752 type CreatePolicyOutput struct { 16753 _ struct{} `type:"structure"` 16754 16755 // A structure that contains details about the newly created policy. 16756 Policy *Policy `type:"structure"` 16757 } 16758 16759 // String returns the string representation. 16760 // 16761 // API parameter values that are decorated as "sensitive" in the API will not 16762 // be included in the string output. The member name will be present, but the 16763 // value will be replaced with "sensitive". 16764 func (s CreatePolicyOutput) String() string { 16765 return awsutil.Prettify(s) 16766 } 16767 16768 // GoString returns the string representation. 16769 // 16770 // API parameter values that are decorated as "sensitive" in the API will not 16771 // be included in the string output. The member name will be present, but the 16772 // value will be replaced with "sensitive". 16773 func (s CreatePolicyOutput) GoString() string { 16774 return s.String() 16775 } 16776 16777 // SetPolicy sets the Policy field's value. 16778 func (s *CreatePolicyOutput) SetPolicy(v *Policy) *CreatePolicyOutput { 16779 s.Policy = v 16780 return s 16781 } 16782 16783 type DeclineHandshakeInput struct { 16784 _ struct{} `type:"structure"` 16785 16786 // The unique identifier (ID) of the handshake that you want to decline. You 16787 // can get the ID from the ListHandshakesForAccount operation. 16788 // 16789 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 16790 // requires "h-" followed by from 8 to 32 lowercase letters or digits. 16791 // 16792 // HandshakeId is a required field 16793 HandshakeId *string `type:"string" required:"true"` 16794 } 16795 16796 // String returns the string representation. 16797 // 16798 // API parameter values that are decorated as "sensitive" in the API will not 16799 // be included in the string output. The member name will be present, but the 16800 // value will be replaced with "sensitive". 16801 func (s DeclineHandshakeInput) String() string { 16802 return awsutil.Prettify(s) 16803 } 16804 16805 // GoString returns the string representation. 16806 // 16807 // API parameter values that are decorated as "sensitive" in the API will not 16808 // be included in the string output. The member name will be present, but the 16809 // value will be replaced with "sensitive". 16810 func (s DeclineHandshakeInput) GoString() string { 16811 return s.String() 16812 } 16813 16814 // Validate inspects the fields of the type to determine if they are valid. 16815 func (s *DeclineHandshakeInput) Validate() error { 16816 invalidParams := request.ErrInvalidParams{Context: "DeclineHandshakeInput"} 16817 if s.HandshakeId == nil { 16818 invalidParams.Add(request.NewErrParamRequired("HandshakeId")) 16819 } 16820 16821 if invalidParams.Len() > 0 { 16822 return invalidParams 16823 } 16824 return nil 16825 } 16826 16827 // SetHandshakeId sets the HandshakeId field's value. 16828 func (s *DeclineHandshakeInput) SetHandshakeId(v string) *DeclineHandshakeInput { 16829 s.HandshakeId = &v 16830 return s 16831 } 16832 16833 type DeclineHandshakeOutput struct { 16834 _ struct{} `type:"structure"` 16835 16836 // A structure that contains details about the declined handshake. The state 16837 // is updated to show the value DECLINED. 16838 Handshake *Handshake `type:"structure"` 16839 } 16840 16841 // String returns the string representation. 16842 // 16843 // API parameter values that are decorated as "sensitive" in the API will not 16844 // be included in the string output. The member name will be present, but the 16845 // value will be replaced with "sensitive". 16846 func (s DeclineHandshakeOutput) String() string { 16847 return awsutil.Prettify(s) 16848 } 16849 16850 // GoString returns the string representation. 16851 // 16852 // API parameter values that are decorated as "sensitive" in the API will not 16853 // be included in the string output. The member name will be present, but the 16854 // value will be replaced with "sensitive". 16855 func (s DeclineHandshakeOutput) GoString() string { 16856 return s.String() 16857 } 16858 16859 // SetHandshake sets the Handshake field's value. 16860 func (s *DeclineHandshakeOutput) SetHandshake(v *Handshake) *DeclineHandshakeOutput { 16861 s.Handshake = v 16862 return s 16863 } 16864 16865 // Contains information about the delegated administrator. 16866 type DelegatedAdministrator struct { 16867 _ struct{} `type:"structure"` 16868 16869 // The Amazon Resource Name (ARN) of the delegated administrator's account. 16870 Arn *string `type:"string"` 16871 16872 // The date when the account was made a delegated administrator. 16873 DelegationEnabledDate *time.Time `type:"timestamp"` 16874 16875 // The email address that is associated with the delegated administrator's AWS 16876 // account. 16877 // 16878 // Email is a sensitive parameter and its value will be 16879 // replaced with "sensitive" in string returned by DelegatedAdministrator's 16880 // String and GoString methods. 16881 Email *string `min:"6" type:"string" sensitive:"true"` 16882 16883 // The unique identifier (ID) of the delegated administrator's account. 16884 Id *string `type:"string"` 16885 16886 // The method by which the delegated administrator's account joined the organization. 16887 JoinedMethod *string `type:"string" enum:"AccountJoinedMethod"` 16888 16889 // The date when the delegated administrator's account became a part of the 16890 // organization. 16891 JoinedTimestamp *time.Time `type:"timestamp"` 16892 16893 // The friendly name of the delegated administrator's account. 16894 // 16895 // Name is a sensitive parameter and its value will be 16896 // replaced with "sensitive" in string returned by DelegatedAdministrator's 16897 // String and GoString methods. 16898 Name *string `min:"1" type:"string" sensitive:"true"` 16899 16900 // The status of the delegated administrator's account in the organization. 16901 Status *string `type:"string" enum:"AccountStatus"` 16902 } 16903 16904 // String returns the string representation. 16905 // 16906 // API parameter values that are decorated as "sensitive" in the API will not 16907 // be included in the string output. The member name will be present, but the 16908 // value will be replaced with "sensitive". 16909 func (s DelegatedAdministrator) String() string { 16910 return awsutil.Prettify(s) 16911 } 16912 16913 // GoString returns the string representation. 16914 // 16915 // API parameter values that are decorated as "sensitive" in the API will not 16916 // be included in the string output. The member name will be present, but the 16917 // value will be replaced with "sensitive". 16918 func (s DelegatedAdministrator) GoString() string { 16919 return s.String() 16920 } 16921 16922 // SetArn sets the Arn field's value. 16923 func (s *DelegatedAdministrator) SetArn(v string) *DelegatedAdministrator { 16924 s.Arn = &v 16925 return s 16926 } 16927 16928 // SetDelegationEnabledDate sets the DelegationEnabledDate field's value. 16929 func (s *DelegatedAdministrator) SetDelegationEnabledDate(v time.Time) *DelegatedAdministrator { 16930 s.DelegationEnabledDate = &v 16931 return s 16932 } 16933 16934 // SetEmail sets the Email field's value. 16935 func (s *DelegatedAdministrator) SetEmail(v string) *DelegatedAdministrator { 16936 s.Email = &v 16937 return s 16938 } 16939 16940 // SetId sets the Id field's value. 16941 func (s *DelegatedAdministrator) SetId(v string) *DelegatedAdministrator { 16942 s.Id = &v 16943 return s 16944 } 16945 16946 // SetJoinedMethod sets the JoinedMethod field's value. 16947 func (s *DelegatedAdministrator) SetJoinedMethod(v string) *DelegatedAdministrator { 16948 s.JoinedMethod = &v 16949 return s 16950 } 16951 16952 // SetJoinedTimestamp sets the JoinedTimestamp field's value. 16953 func (s *DelegatedAdministrator) SetJoinedTimestamp(v time.Time) *DelegatedAdministrator { 16954 s.JoinedTimestamp = &v 16955 return s 16956 } 16957 16958 // SetName sets the Name field's value. 16959 func (s *DelegatedAdministrator) SetName(v string) *DelegatedAdministrator { 16960 s.Name = &v 16961 return s 16962 } 16963 16964 // SetStatus sets the Status field's value. 16965 func (s *DelegatedAdministrator) SetStatus(v string) *DelegatedAdministrator { 16966 s.Status = &v 16967 return s 16968 } 16969 16970 // Contains information about the AWS service for which the account is a delegated 16971 // administrator. 16972 type DelegatedService struct { 16973 _ struct{} `type:"structure"` 16974 16975 // The date that the account became a delegated administrator for this service. 16976 DelegationEnabledDate *time.Time `type:"timestamp"` 16977 16978 // The name of an AWS service that can request an operation for the specified 16979 // service. This is typically in the form of a URL, such as: servicename.amazonaws.com. 16980 ServicePrincipal *string `min:"1" type:"string"` 16981 } 16982 16983 // String returns the string representation. 16984 // 16985 // API parameter values that are decorated as "sensitive" in the API will not 16986 // be included in the string output. The member name will be present, but the 16987 // value will be replaced with "sensitive". 16988 func (s DelegatedService) String() string { 16989 return awsutil.Prettify(s) 16990 } 16991 16992 // GoString returns the string representation. 16993 // 16994 // API parameter values that are decorated as "sensitive" in the API will not 16995 // be included in the string output. The member name will be present, but the 16996 // value will be replaced with "sensitive". 16997 func (s DelegatedService) GoString() string { 16998 return s.String() 16999 } 17000 17001 // SetDelegationEnabledDate sets the DelegationEnabledDate field's value. 17002 func (s *DelegatedService) SetDelegationEnabledDate(v time.Time) *DelegatedService { 17003 s.DelegationEnabledDate = &v 17004 return s 17005 } 17006 17007 // SetServicePrincipal sets the ServicePrincipal field's value. 17008 func (s *DelegatedService) SetServicePrincipal(v string) *DelegatedService { 17009 s.ServicePrincipal = &v 17010 return s 17011 } 17012 17013 type DeleteOrganizationInput struct { 17014 _ struct{} `type:"structure"` 17015 } 17016 17017 // String returns the string representation. 17018 // 17019 // API parameter values that are decorated as "sensitive" in the API will not 17020 // be included in the string output. The member name will be present, but the 17021 // value will be replaced with "sensitive". 17022 func (s DeleteOrganizationInput) String() string { 17023 return awsutil.Prettify(s) 17024 } 17025 17026 // GoString returns the string representation. 17027 // 17028 // API parameter values that are decorated as "sensitive" in the API will not 17029 // be included in the string output. The member name will be present, but the 17030 // value will be replaced with "sensitive". 17031 func (s DeleteOrganizationInput) GoString() string { 17032 return s.String() 17033 } 17034 17035 type DeleteOrganizationOutput struct { 17036 _ struct{} `type:"structure"` 17037 } 17038 17039 // String returns the string representation. 17040 // 17041 // API parameter values that are decorated as "sensitive" in the API will not 17042 // be included in the string output. The member name will be present, but the 17043 // value will be replaced with "sensitive". 17044 func (s DeleteOrganizationOutput) String() string { 17045 return awsutil.Prettify(s) 17046 } 17047 17048 // GoString returns the string representation. 17049 // 17050 // API parameter values that are decorated as "sensitive" in the API will not 17051 // be included in the string output. The member name will be present, but the 17052 // value will be replaced with "sensitive". 17053 func (s DeleteOrganizationOutput) GoString() string { 17054 return s.String() 17055 } 17056 17057 type DeleteOrganizationalUnitInput struct { 17058 _ struct{} `type:"structure"` 17059 17060 // The unique identifier (ID) of the organizational unit that you want to delete. 17061 // You can get the ID from the ListOrganizationalUnitsForParent operation. 17062 // 17063 // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational 17064 // unit ID string requires "ou-" followed by from 4 to 32 lowercase letters 17065 // or digits (the ID of the root that contains the OU). This string is followed 17066 // by a second "-" dash and from 8 to 32 additional lowercase letters or digits. 17067 // 17068 // OrganizationalUnitId is a required field 17069 OrganizationalUnitId *string `type:"string" required:"true"` 17070 } 17071 17072 // String returns the string representation. 17073 // 17074 // API parameter values that are decorated as "sensitive" in the API will not 17075 // be included in the string output. The member name will be present, but the 17076 // value will be replaced with "sensitive". 17077 func (s DeleteOrganizationalUnitInput) String() string { 17078 return awsutil.Prettify(s) 17079 } 17080 17081 // GoString returns the string representation. 17082 // 17083 // API parameter values that are decorated as "sensitive" in the API will not 17084 // be included in the string output. The member name will be present, but the 17085 // value will be replaced with "sensitive". 17086 func (s DeleteOrganizationalUnitInput) GoString() string { 17087 return s.String() 17088 } 17089 17090 // Validate inspects the fields of the type to determine if they are valid. 17091 func (s *DeleteOrganizationalUnitInput) Validate() error { 17092 invalidParams := request.ErrInvalidParams{Context: "DeleteOrganizationalUnitInput"} 17093 if s.OrganizationalUnitId == nil { 17094 invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId")) 17095 } 17096 17097 if invalidParams.Len() > 0 { 17098 return invalidParams 17099 } 17100 return nil 17101 } 17102 17103 // SetOrganizationalUnitId sets the OrganizationalUnitId field's value. 17104 func (s *DeleteOrganizationalUnitInput) SetOrganizationalUnitId(v string) *DeleteOrganizationalUnitInput { 17105 s.OrganizationalUnitId = &v 17106 return s 17107 } 17108 17109 type DeleteOrganizationalUnitOutput struct { 17110 _ struct{} `type:"structure"` 17111 } 17112 17113 // String returns the string representation. 17114 // 17115 // API parameter values that are decorated as "sensitive" in the API will not 17116 // be included in the string output. The member name will be present, but the 17117 // value will be replaced with "sensitive". 17118 func (s DeleteOrganizationalUnitOutput) String() string { 17119 return awsutil.Prettify(s) 17120 } 17121 17122 // GoString returns the string representation. 17123 // 17124 // API parameter values that are decorated as "sensitive" in the API will not 17125 // be included in the string output. The member name will be present, but the 17126 // value will be replaced with "sensitive". 17127 func (s DeleteOrganizationalUnitOutput) GoString() string { 17128 return s.String() 17129 } 17130 17131 type DeletePolicyInput struct { 17132 _ struct{} `type:"structure"` 17133 17134 // The unique identifier (ID) of the policy that you want to delete. You can 17135 // get the ID from the ListPolicies or ListPoliciesForTarget operations. 17136 // 17137 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 17138 // requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, 17139 // or the underscore character (_). 17140 // 17141 // PolicyId is a required field 17142 PolicyId *string `type:"string" required:"true"` 17143 } 17144 17145 // String returns the string representation. 17146 // 17147 // API parameter values that are decorated as "sensitive" in the API will not 17148 // be included in the string output. The member name will be present, but the 17149 // value will be replaced with "sensitive". 17150 func (s DeletePolicyInput) String() string { 17151 return awsutil.Prettify(s) 17152 } 17153 17154 // GoString returns the string representation. 17155 // 17156 // API parameter values that are decorated as "sensitive" in the API will not 17157 // be included in the string output. The member name will be present, but the 17158 // value will be replaced with "sensitive". 17159 func (s DeletePolicyInput) GoString() string { 17160 return s.String() 17161 } 17162 17163 // Validate inspects the fields of the type to determine if they are valid. 17164 func (s *DeletePolicyInput) Validate() error { 17165 invalidParams := request.ErrInvalidParams{Context: "DeletePolicyInput"} 17166 if s.PolicyId == nil { 17167 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 17168 } 17169 17170 if invalidParams.Len() > 0 { 17171 return invalidParams 17172 } 17173 return nil 17174 } 17175 17176 // SetPolicyId sets the PolicyId field's value. 17177 func (s *DeletePolicyInput) SetPolicyId(v string) *DeletePolicyInput { 17178 s.PolicyId = &v 17179 return s 17180 } 17181 17182 type DeletePolicyOutput struct { 17183 _ struct{} `type:"structure"` 17184 } 17185 17186 // String returns the string representation. 17187 // 17188 // API parameter values that are decorated as "sensitive" in the API will not 17189 // be included in the string output. The member name will be present, but the 17190 // value will be replaced with "sensitive". 17191 func (s DeletePolicyOutput) String() string { 17192 return awsutil.Prettify(s) 17193 } 17194 17195 // GoString returns the string representation. 17196 // 17197 // API parameter values that are decorated as "sensitive" in the API will not 17198 // be included in the string output. The member name will be present, but the 17199 // value will be replaced with "sensitive". 17200 func (s DeletePolicyOutput) GoString() string { 17201 return s.String() 17202 } 17203 17204 type DeregisterDelegatedAdministratorInput struct { 17205 _ struct{} `type:"structure"` 17206 17207 // The account ID number of the member account in the organization that you 17208 // want to deregister as a delegated administrator. 17209 // 17210 // AccountId is a required field 17211 AccountId *string `type:"string" required:"true"` 17212 17213 // The service principal name of an AWS service for which the account is a delegated 17214 // administrator. 17215 // 17216 // Delegated administrator privileges are revoked for only the specified AWS 17217 // service from the member account. If the specified service is the only service 17218 // for which the member account is a delegated administrator, the operation 17219 // also revokes Organizations read action permissions. 17220 // 17221 // ServicePrincipal is a required field 17222 ServicePrincipal *string `min:"1" type:"string" required:"true"` 17223 } 17224 17225 // String returns the string representation. 17226 // 17227 // API parameter values that are decorated as "sensitive" in the API will not 17228 // be included in the string output. The member name will be present, but the 17229 // value will be replaced with "sensitive". 17230 func (s DeregisterDelegatedAdministratorInput) String() string { 17231 return awsutil.Prettify(s) 17232 } 17233 17234 // GoString returns the string representation. 17235 // 17236 // API parameter values that are decorated as "sensitive" in the API will not 17237 // be included in the string output. The member name will be present, but the 17238 // value will be replaced with "sensitive". 17239 func (s DeregisterDelegatedAdministratorInput) GoString() string { 17240 return s.String() 17241 } 17242 17243 // Validate inspects the fields of the type to determine if they are valid. 17244 func (s *DeregisterDelegatedAdministratorInput) Validate() error { 17245 invalidParams := request.ErrInvalidParams{Context: "DeregisterDelegatedAdministratorInput"} 17246 if s.AccountId == nil { 17247 invalidParams.Add(request.NewErrParamRequired("AccountId")) 17248 } 17249 if s.ServicePrincipal == nil { 17250 invalidParams.Add(request.NewErrParamRequired("ServicePrincipal")) 17251 } 17252 if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 { 17253 invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1)) 17254 } 17255 17256 if invalidParams.Len() > 0 { 17257 return invalidParams 17258 } 17259 return nil 17260 } 17261 17262 // SetAccountId sets the AccountId field's value. 17263 func (s *DeregisterDelegatedAdministratorInput) SetAccountId(v string) *DeregisterDelegatedAdministratorInput { 17264 s.AccountId = &v 17265 return s 17266 } 17267 17268 // SetServicePrincipal sets the ServicePrincipal field's value. 17269 func (s *DeregisterDelegatedAdministratorInput) SetServicePrincipal(v string) *DeregisterDelegatedAdministratorInput { 17270 s.ServicePrincipal = &v 17271 return s 17272 } 17273 17274 type DeregisterDelegatedAdministratorOutput struct { 17275 _ struct{} `type:"structure"` 17276 } 17277 17278 // String returns the string representation. 17279 // 17280 // API parameter values that are decorated as "sensitive" in the API will not 17281 // be included in the string output. The member name will be present, but the 17282 // value will be replaced with "sensitive". 17283 func (s DeregisterDelegatedAdministratorOutput) String() string { 17284 return awsutil.Prettify(s) 17285 } 17286 17287 // GoString returns the string representation. 17288 // 17289 // API parameter values that are decorated as "sensitive" in the API will not 17290 // be included in the string output. The member name will be present, but the 17291 // value will be replaced with "sensitive". 17292 func (s DeregisterDelegatedAdministratorOutput) GoString() string { 17293 return s.String() 17294 } 17295 17296 type DescribeAccountInput struct { 17297 _ struct{} `type:"structure"` 17298 17299 // The unique identifier (ID) of the AWS account that you want information about. 17300 // You can get the ID from the ListAccounts or ListAccountsForParent operations. 17301 // 17302 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 17303 // requires exactly 12 digits. 17304 // 17305 // AccountId is a required field 17306 AccountId *string `type:"string" required:"true"` 17307 } 17308 17309 // String returns the string representation. 17310 // 17311 // API parameter values that are decorated as "sensitive" in the API will not 17312 // be included in the string output. The member name will be present, but the 17313 // value will be replaced with "sensitive". 17314 func (s DescribeAccountInput) String() string { 17315 return awsutil.Prettify(s) 17316 } 17317 17318 // GoString returns the string representation. 17319 // 17320 // API parameter values that are decorated as "sensitive" in the API will not 17321 // be included in the string output. The member name will be present, but the 17322 // value will be replaced with "sensitive". 17323 func (s DescribeAccountInput) GoString() string { 17324 return s.String() 17325 } 17326 17327 // Validate inspects the fields of the type to determine if they are valid. 17328 func (s *DescribeAccountInput) Validate() error { 17329 invalidParams := request.ErrInvalidParams{Context: "DescribeAccountInput"} 17330 if s.AccountId == nil { 17331 invalidParams.Add(request.NewErrParamRequired("AccountId")) 17332 } 17333 17334 if invalidParams.Len() > 0 { 17335 return invalidParams 17336 } 17337 return nil 17338 } 17339 17340 // SetAccountId sets the AccountId field's value. 17341 func (s *DescribeAccountInput) SetAccountId(v string) *DescribeAccountInput { 17342 s.AccountId = &v 17343 return s 17344 } 17345 17346 type DescribeAccountOutput struct { 17347 _ struct{} `type:"structure"` 17348 17349 // A structure that contains information about the requested account. 17350 Account *Account `type:"structure"` 17351 } 17352 17353 // String returns the string representation. 17354 // 17355 // API parameter values that are decorated as "sensitive" in the API will not 17356 // be included in the string output. The member name will be present, but the 17357 // value will be replaced with "sensitive". 17358 func (s DescribeAccountOutput) String() string { 17359 return awsutil.Prettify(s) 17360 } 17361 17362 // GoString returns the string representation. 17363 // 17364 // API parameter values that are decorated as "sensitive" in the API will not 17365 // be included in the string output. The member name will be present, but the 17366 // value will be replaced with "sensitive". 17367 func (s DescribeAccountOutput) GoString() string { 17368 return s.String() 17369 } 17370 17371 // SetAccount sets the Account field's value. 17372 func (s *DescribeAccountOutput) SetAccount(v *Account) *DescribeAccountOutput { 17373 s.Account = v 17374 return s 17375 } 17376 17377 type DescribeCreateAccountStatusInput struct { 17378 _ struct{} `type:"structure"` 17379 17380 // Specifies the Id value that uniquely identifies the CreateAccount request. 17381 // You can get the value from the CreateAccountStatus.Id response in an earlier 17382 // CreateAccount request, or from the ListCreateAccountStatus operation. 17383 // 17384 // The regex pattern (http://wikipedia.org/wiki/regex) for a create account 17385 // request ID string requires "car-" followed by from 8 to 32 lowercase letters 17386 // or digits. 17387 // 17388 // CreateAccountRequestId is a required field 17389 CreateAccountRequestId *string `type:"string" required:"true"` 17390 } 17391 17392 // String returns the string representation. 17393 // 17394 // API parameter values that are decorated as "sensitive" in the API will not 17395 // be included in the string output. The member name will be present, but the 17396 // value will be replaced with "sensitive". 17397 func (s DescribeCreateAccountStatusInput) String() string { 17398 return awsutil.Prettify(s) 17399 } 17400 17401 // GoString returns the string representation. 17402 // 17403 // API parameter values that are decorated as "sensitive" in the API will not 17404 // be included in the string output. The member name will be present, but the 17405 // value will be replaced with "sensitive". 17406 func (s DescribeCreateAccountStatusInput) GoString() string { 17407 return s.String() 17408 } 17409 17410 // Validate inspects the fields of the type to determine if they are valid. 17411 func (s *DescribeCreateAccountStatusInput) Validate() error { 17412 invalidParams := request.ErrInvalidParams{Context: "DescribeCreateAccountStatusInput"} 17413 if s.CreateAccountRequestId == nil { 17414 invalidParams.Add(request.NewErrParamRequired("CreateAccountRequestId")) 17415 } 17416 17417 if invalidParams.Len() > 0 { 17418 return invalidParams 17419 } 17420 return nil 17421 } 17422 17423 // SetCreateAccountRequestId sets the CreateAccountRequestId field's value. 17424 func (s *DescribeCreateAccountStatusInput) SetCreateAccountRequestId(v string) *DescribeCreateAccountStatusInput { 17425 s.CreateAccountRequestId = &v 17426 return s 17427 } 17428 17429 type DescribeCreateAccountStatusOutput struct { 17430 _ struct{} `type:"structure"` 17431 17432 // A structure that contains the current status of an account creation request. 17433 CreateAccountStatus *CreateAccountStatus `type:"structure"` 17434 } 17435 17436 // String returns the string representation. 17437 // 17438 // API parameter values that are decorated as "sensitive" in the API will not 17439 // be included in the string output. The member name will be present, but the 17440 // value will be replaced with "sensitive". 17441 func (s DescribeCreateAccountStatusOutput) String() string { 17442 return awsutil.Prettify(s) 17443 } 17444 17445 // GoString returns the string representation. 17446 // 17447 // API parameter values that are decorated as "sensitive" in the API will not 17448 // be included in the string output. The member name will be present, but the 17449 // value will be replaced with "sensitive". 17450 func (s DescribeCreateAccountStatusOutput) GoString() string { 17451 return s.String() 17452 } 17453 17454 // SetCreateAccountStatus sets the CreateAccountStatus field's value. 17455 func (s *DescribeCreateAccountStatusOutput) SetCreateAccountStatus(v *CreateAccountStatus) *DescribeCreateAccountStatusOutput { 17456 s.CreateAccountStatus = v 17457 return s 17458 } 17459 17460 type DescribeEffectivePolicyInput struct { 17461 _ struct{} `type:"structure"` 17462 17463 // The type of policy that you want information about. You can specify one of 17464 // the following values: 17465 // 17466 // * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html) 17467 // 17468 // * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html) 17469 // 17470 // * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) 17471 // 17472 // PolicyType is a required field 17473 PolicyType *string `type:"string" required:"true" enum:"EffectivePolicyType"` 17474 17475 // When you're signed in as the management account, specify the ID of the account 17476 // that you want details about. Specifying an organization root or organizational 17477 // unit (OU) as the target is not supported. 17478 TargetId *string `type:"string"` 17479 } 17480 17481 // String returns the string representation. 17482 // 17483 // API parameter values that are decorated as "sensitive" in the API will not 17484 // be included in the string output. The member name will be present, but the 17485 // value will be replaced with "sensitive". 17486 func (s DescribeEffectivePolicyInput) String() string { 17487 return awsutil.Prettify(s) 17488 } 17489 17490 // GoString returns the string representation. 17491 // 17492 // API parameter values that are decorated as "sensitive" in the API will not 17493 // be included in the string output. The member name will be present, but the 17494 // value will be replaced with "sensitive". 17495 func (s DescribeEffectivePolicyInput) GoString() string { 17496 return s.String() 17497 } 17498 17499 // Validate inspects the fields of the type to determine if they are valid. 17500 func (s *DescribeEffectivePolicyInput) Validate() error { 17501 invalidParams := request.ErrInvalidParams{Context: "DescribeEffectivePolicyInput"} 17502 if s.PolicyType == nil { 17503 invalidParams.Add(request.NewErrParamRequired("PolicyType")) 17504 } 17505 17506 if invalidParams.Len() > 0 { 17507 return invalidParams 17508 } 17509 return nil 17510 } 17511 17512 // SetPolicyType sets the PolicyType field's value. 17513 func (s *DescribeEffectivePolicyInput) SetPolicyType(v string) *DescribeEffectivePolicyInput { 17514 s.PolicyType = &v 17515 return s 17516 } 17517 17518 // SetTargetId sets the TargetId field's value. 17519 func (s *DescribeEffectivePolicyInput) SetTargetId(v string) *DescribeEffectivePolicyInput { 17520 s.TargetId = &v 17521 return s 17522 } 17523 17524 type DescribeEffectivePolicyOutput struct { 17525 _ struct{} `type:"structure"` 17526 17527 // The contents of the effective policy. 17528 EffectivePolicy *EffectivePolicy `type:"structure"` 17529 } 17530 17531 // String returns the string representation. 17532 // 17533 // API parameter values that are decorated as "sensitive" in the API will not 17534 // be included in the string output. The member name will be present, but the 17535 // value will be replaced with "sensitive". 17536 func (s DescribeEffectivePolicyOutput) String() string { 17537 return awsutil.Prettify(s) 17538 } 17539 17540 // GoString returns the string representation. 17541 // 17542 // API parameter values that are decorated as "sensitive" in the API will not 17543 // be included in the string output. The member name will be present, but the 17544 // value will be replaced with "sensitive". 17545 func (s DescribeEffectivePolicyOutput) GoString() string { 17546 return s.String() 17547 } 17548 17549 // SetEffectivePolicy sets the EffectivePolicy field's value. 17550 func (s *DescribeEffectivePolicyOutput) SetEffectivePolicy(v *EffectivePolicy) *DescribeEffectivePolicyOutput { 17551 s.EffectivePolicy = v 17552 return s 17553 } 17554 17555 type DescribeHandshakeInput struct { 17556 _ struct{} `type:"structure"` 17557 17558 // The unique identifier (ID) of the handshake that you want information about. 17559 // You can get the ID from the original call to InviteAccountToOrganization, 17560 // or from a call to ListHandshakesForAccount or ListHandshakesForOrganization. 17561 // 17562 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 17563 // requires "h-" followed by from 8 to 32 lowercase letters or digits. 17564 // 17565 // HandshakeId is a required field 17566 HandshakeId *string `type:"string" required:"true"` 17567 } 17568 17569 // String returns the string representation. 17570 // 17571 // API parameter values that are decorated as "sensitive" in the API will not 17572 // be included in the string output. The member name will be present, but the 17573 // value will be replaced with "sensitive". 17574 func (s DescribeHandshakeInput) String() string { 17575 return awsutil.Prettify(s) 17576 } 17577 17578 // GoString returns the string representation. 17579 // 17580 // API parameter values that are decorated as "sensitive" in the API will not 17581 // be included in the string output. The member name will be present, but the 17582 // value will be replaced with "sensitive". 17583 func (s DescribeHandshakeInput) GoString() string { 17584 return s.String() 17585 } 17586 17587 // Validate inspects the fields of the type to determine if they are valid. 17588 func (s *DescribeHandshakeInput) Validate() error { 17589 invalidParams := request.ErrInvalidParams{Context: "DescribeHandshakeInput"} 17590 if s.HandshakeId == nil { 17591 invalidParams.Add(request.NewErrParamRequired("HandshakeId")) 17592 } 17593 17594 if invalidParams.Len() > 0 { 17595 return invalidParams 17596 } 17597 return nil 17598 } 17599 17600 // SetHandshakeId sets the HandshakeId field's value. 17601 func (s *DescribeHandshakeInput) SetHandshakeId(v string) *DescribeHandshakeInput { 17602 s.HandshakeId = &v 17603 return s 17604 } 17605 17606 type DescribeHandshakeOutput struct { 17607 _ struct{} `type:"structure"` 17608 17609 // A structure that contains information about the specified handshake. 17610 Handshake *Handshake `type:"structure"` 17611 } 17612 17613 // String returns the string representation. 17614 // 17615 // API parameter values that are decorated as "sensitive" in the API will not 17616 // be included in the string output. The member name will be present, but the 17617 // value will be replaced with "sensitive". 17618 func (s DescribeHandshakeOutput) String() string { 17619 return awsutil.Prettify(s) 17620 } 17621 17622 // GoString returns the string representation. 17623 // 17624 // API parameter values that are decorated as "sensitive" in the API will not 17625 // be included in the string output. The member name will be present, but the 17626 // value will be replaced with "sensitive". 17627 func (s DescribeHandshakeOutput) GoString() string { 17628 return s.String() 17629 } 17630 17631 // SetHandshake sets the Handshake field's value. 17632 func (s *DescribeHandshakeOutput) SetHandshake(v *Handshake) *DescribeHandshakeOutput { 17633 s.Handshake = v 17634 return s 17635 } 17636 17637 type DescribeOrganizationInput struct { 17638 _ struct{} `type:"structure"` 17639 } 17640 17641 // String returns the string representation. 17642 // 17643 // API parameter values that are decorated as "sensitive" in the API will not 17644 // be included in the string output. The member name will be present, but the 17645 // value will be replaced with "sensitive". 17646 func (s DescribeOrganizationInput) String() string { 17647 return awsutil.Prettify(s) 17648 } 17649 17650 // GoString returns the string representation. 17651 // 17652 // API parameter values that are decorated as "sensitive" in the API will not 17653 // be included in the string output. The member name will be present, but the 17654 // value will be replaced with "sensitive". 17655 func (s DescribeOrganizationInput) GoString() string { 17656 return s.String() 17657 } 17658 17659 type DescribeOrganizationOutput struct { 17660 _ struct{} `type:"structure"` 17661 17662 // A structure that contains information about the organization. 17663 // 17664 // The AvailablePolicyTypes part of the response is deprecated, and you shouldn't 17665 // use it in your apps. It doesn't include any policy type supported by Organizations 17666 // other than SCPs. To determine which policy types are enabled in your organization, 17667 // use the ListRoots operation. 17668 Organization *Organization `type:"structure"` 17669 } 17670 17671 // String returns the string representation. 17672 // 17673 // API parameter values that are decorated as "sensitive" in the API will not 17674 // be included in the string output. The member name will be present, but the 17675 // value will be replaced with "sensitive". 17676 func (s DescribeOrganizationOutput) String() string { 17677 return awsutil.Prettify(s) 17678 } 17679 17680 // GoString returns the string representation. 17681 // 17682 // API parameter values that are decorated as "sensitive" in the API will not 17683 // be included in the string output. The member name will be present, but the 17684 // value will be replaced with "sensitive". 17685 func (s DescribeOrganizationOutput) GoString() string { 17686 return s.String() 17687 } 17688 17689 // SetOrganization sets the Organization field's value. 17690 func (s *DescribeOrganizationOutput) SetOrganization(v *Organization) *DescribeOrganizationOutput { 17691 s.Organization = v 17692 return s 17693 } 17694 17695 type DescribeOrganizationalUnitInput struct { 17696 _ struct{} `type:"structure"` 17697 17698 // The unique identifier (ID) of the organizational unit that you want details 17699 // about. You can get the ID from the ListOrganizationalUnitsForParent operation. 17700 // 17701 // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational 17702 // unit ID string requires "ou-" followed by from 4 to 32 lowercase letters 17703 // or digits (the ID of the root that contains the OU). This string is followed 17704 // by a second "-" dash and from 8 to 32 additional lowercase letters or digits. 17705 // 17706 // OrganizationalUnitId is a required field 17707 OrganizationalUnitId *string `type:"string" required:"true"` 17708 } 17709 17710 // String returns the string representation. 17711 // 17712 // API parameter values that are decorated as "sensitive" in the API will not 17713 // be included in the string output. The member name will be present, but the 17714 // value will be replaced with "sensitive". 17715 func (s DescribeOrganizationalUnitInput) String() string { 17716 return awsutil.Prettify(s) 17717 } 17718 17719 // GoString returns the string representation. 17720 // 17721 // API parameter values that are decorated as "sensitive" in the API will not 17722 // be included in the string output. The member name will be present, but the 17723 // value will be replaced with "sensitive". 17724 func (s DescribeOrganizationalUnitInput) GoString() string { 17725 return s.String() 17726 } 17727 17728 // Validate inspects the fields of the type to determine if they are valid. 17729 func (s *DescribeOrganizationalUnitInput) Validate() error { 17730 invalidParams := request.ErrInvalidParams{Context: "DescribeOrganizationalUnitInput"} 17731 if s.OrganizationalUnitId == nil { 17732 invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId")) 17733 } 17734 17735 if invalidParams.Len() > 0 { 17736 return invalidParams 17737 } 17738 return nil 17739 } 17740 17741 // SetOrganizationalUnitId sets the OrganizationalUnitId field's value. 17742 func (s *DescribeOrganizationalUnitInput) SetOrganizationalUnitId(v string) *DescribeOrganizationalUnitInput { 17743 s.OrganizationalUnitId = &v 17744 return s 17745 } 17746 17747 type DescribeOrganizationalUnitOutput struct { 17748 _ struct{} `type:"structure"` 17749 17750 // A structure that contains details about the specified OU. 17751 OrganizationalUnit *OrganizationalUnit `type:"structure"` 17752 } 17753 17754 // String returns the string representation. 17755 // 17756 // API parameter values that are decorated as "sensitive" in the API will not 17757 // be included in the string output. The member name will be present, but the 17758 // value will be replaced with "sensitive". 17759 func (s DescribeOrganizationalUnitOutput) String() string { 17760 return awsutil.Prettify(s) 17761 } 17762 17763 // GoString returns the string representation. 17764 // 17765 // API parameter values that are decorated as "sensitive" in the API will not 17766 // be included in the string output. The member name will be present, but the 17767 // value will be replaced with "sensitive". 17768 func (s DescribeOrganizationalUnitOutput) GoString() string { 17769 return s.String() 17770 } 17771 17772 // SetOrganizationalUnit sets the OrganizationalUnit field's value. 17773 func (s *DescribeOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *DescribeOrganizationalUnitOutput { 17774 s.OrganizationalUnit = v 17775 return s 17776 } 17777 17778 type DescribePolicyInput struct { 17779 _ struct{} `type:"structure"` 17780 17781 // The unique identifier (ID) of the policy that you want details about. You 17782 // can get the ID from the ListPolicies or ListPoliciesForTarget operations. 17783 // 17784 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 17785 // requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, 17786 // or the underscore character (_). 17787 // 17788 // PolicyId is a required field 17789 PolicyId *string `type:"string" required:"true"` 17790 } 17791 17792 // String returns the string representation. 17793 // 17794 // API parameter values that are decorated as "sensitive" in the API will not 17795 // be included in the string output. The member name will be present, but the 17796 // value will be replaced with "sensitive". 17797 func (s DescribePolicyInput) String() string { 17798 return awsutil.Prettify(s) 17799 } 17800 17801 // GoString returns the string representation. 17802 // 17803 // API parameter values that are decorated as "sensitive" in the API will not 17804 // be included in the string output. The member name will be present, but the 17805 // value will be replaced with "sensitive". 17806 func (s DescribePolicyInput) GoString() string { 17807 return s.String() 17808 } 17809 17810 // Validate inspects the fields of the type to determine if they are valid. 17811 func (s *DescribePolicyInput) Validate() error { 17812 invalidParams := request.ErrInvalidParams{Context: "DescribePolicyInput"} 17813 if s.PolicyId == nil { 17814 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 17815 } 17816 17817 if invalidParams.Len() > 0 { 17818 return invalidParams 17819 } 17820 return nil 17821 } 17822 17823 // SetPolicyId sets the PolicyId field's value. 17824 func (s *DescribePolicyInput) SetPolicyId(v string) *DescribePolicyInput { 17825 s.PolicyId = &v 17826 return s 17827 } 17828 17829 type DescribePolicyOutput struct { 17830 _ struct{} `type:"structure"` 17831 17832 // A structure that contains details about the specified policy. 17833 Policy *Policy `type:"structure"` 17834 } 17835 17836 // String returns the string representation. 17837 // 17838 // API parameter values that are decorated as "sensitive" in the API will not 17839 // be included in the string output. The member name will be present, but the 17840 // value will be replaced with "sensitive". 17841 func (s DescribePolicyOutput) String() string { 17842 return awsutil.Prettify(s) 17843 } 17844 17845 // GoString returns the string representation. 17846 // 17847 // API parameter values that are decorated as "sensitive" in the API will not 17848 // be included in the string output. The member name will be present, but the 17849 // value will be replaced with "sensitive". 17850 func (s DescribePolicyOutput) GoString() string { 17851 return s.String() 17852 } 17853 17854 // SetPolicy sets the Policy field's value. 17855 func (s *DescribePolicyOutput) SetPolicy(v *Policy) *DescribePolicyOutput { 17856 s.Policy = v 17857 return s 17858 } 17859 17860 // We can't find the destination container (a root or OU) with the ParentId 17861 // that you specified. 17862 type DestinationParentNotFoundException struct { 17863 _ struct{} `type:"structure"` 17864 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 17865 17866 Message_ *string `locationName:"Message" type:"string"` 17867 } 17868 17869 // String returns the string representation. 17870 // 17871 // API parameter values that are decorated as "sensitive" in the API will not 17872 // be included in the string output. The member name will be present, but the 17873 // value will be replaced with "sensitive". 17874 func (s DestinationParentNotFoundException) String() string { 17875 return awsutil.Prettify(s) 17876 } 17877 17878 // GoString returns the string representation. 17879 // 17880 // API parameter values that are decorated as "sensitive" in the API will not 17881 // be included in the string output. The member name will be present, but the 17882 // value will be replaced with "sensitive". 17883 func (s DestinationParentNotFoundException) GoString() string { 17884 return s.String() 17885 } 17886 17887 func newErrorDestinationParentNotFoundException(v protocol.ResponseMetadata) error { 17888 return &DestinationParentNotFoundException{ 17889 RespMetadata: v, 17890 } 17891 } 17892 17893 // Code returns the exception type name. 17894 func (s *DestinationParentNotFoundException) Code() string { 17895 return "DestinationParentNotFoundException" 17896 } 17897 17898 // Message returns the exception's message. 17899 func (s *DestinationParentNotFoundException) Message() string { 17900 if s.Message_ != nil { 17901 return *s.Message_ 17902 } 17903 return "" 17904 } 17905 17906 // OrigErr always returns nil, satisfies awserr.Error interface. 17907 func (s *DestinationParentNotFoundException) OrigErr() error { 17908 return nil 17909 } 17910 17911 func (s *DestinationParentNotFoundException) Error() string { 17912 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 17913 } 17914 17915 // Status code returns the HTTP status code for the request's response error. 17916 func (s *DestinationParentNotFoundException) StatusCode() int { 17917 return s.RespMetadata.StatusCode 17918 } 17919 17920 // RequestID returns the service's response RequestID for request. 17921 func (s *DestinationParentNotFoundException) RequestID() string { 17922 return s.RespMetadata.RequestID 17923 } 17924 17925 type DetachPolicyInput struct { 17926 _ struct{} `type:"structure"` 17927 17928 // The unique identifier (ID) of the policy you want to detach. You can get 17929 // the ID from the ListPolicies or ListPoliciesForTarget operations. 17930 // 17931 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 17932 // requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, 17933 // or the underscore character (_). 17934 // 17935 // PolicyId is a required field 17936 PolicyId *string `type:"string" required:"true"` 17937 17938 // The unique identifier (ID) of the root, OU, or account that you want to detach 17939 // the policy from. You can get the ID from the ListRoots, ListOrganizationalUnitsForParent, 17940 // or ListAccounts operations. 17941 // 17942 // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string 17943 // requires one of the following: 17944 // 17945 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 17946 // letters or digits. 17947 // 17948 // * Account - A string that consists of exactly 12 digits. 17949 // 17950 // * Organizational unit (OU) - A string that begins with "ou-" followed 17951 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 17952 // OU is in). This string is followed by a second "-" dash and from 8 to 17953 // 32 additional lowercase letters or digits. 17954 // 17955 // TargetId is a required field 17956 TargetId *string `type:"string" required:"true"` 17957 } 17958 17959 // String returns the string representation. 17960 // 17961 // API parameter values that are decorated as "sensitive" in the API will not 17962 // be included in the string output. The member name will be present, but the 17963 // value will be replaced with "sensitive". 17964 func (s DetachPolicyInput) String() string { 17965 return awsutil.Prettify(s) 17966 } 17967 17968 // GoString returns the string representation. 17969 // 17970 // API parameter values that are decorated as "sensitive" in the API will not 17971 // be included in the string output. The member name will be present, but the 17972 // value will be replaced with "sensitive". 17973 func (s DetachPolicyInput) GoString() string { 17974 return s.String() 17975 } 17976 17977 // Validate inspects the fields of the type to determine if they are valid. 17978 func (s *DetachPolicyInput) Validate() error { 17979 invalidParams := request.ErrInvalidParams{Context: "DetachPolicyInput"} 17980 if s.PolicyId == nil { 17981 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 17982 } 17983 if s.TargetId == nil { 17984 invalidParams.Add(request.NewErrParamRequired("TargetId")) 17985 } 17986 17987 if invalidParams.Len() > 0 { 17988 return invalidParams 17989 } 17990 return nil 17991 } 17992 17993 // SetPolicyId sets the PolicyId field's value. 17994 func (s *DetachPolicyInput) SetPolicyId(v string) *DetachPolicyInput { 17995 s.PolicyId = &v 17996 return s 17997 } 17998 17999 // SetTargetId sets the TargetId field's value. 18000 func (s *DetachPolicyInput) SetTargetId(v string) *DetachPolicyInput { 18001 s.TargetId = &v 18002 return s 18003 } 18004 18005 type DetachPolicyOutput struct { 18006 _ struct{} `type:"structure"` 18007 } 18008 18009 // String returns the string representation. 18010 // 18011 // API parameter values that are decorated as "sensitive" in the API will not 18012 // be included in the string output. The member name will be present, but the 18013 // value will be replaced with "sensitive". 18014 func (s DetachPolicyOutput) String() string { 18015 return awsutil.Prettify(s) 18016 } 18017 18018 // GoString returns the string representation. 18019 // 18020 // API parameter values that are decorated as "sensitive" in the API will not 18021 // be included in the string output. The member name will be present, but the 18022 // value will be replaced with "sensitive". 18023 func (s DetachPolicyOutput) GoString() string { 18024 return s.String() 18025 } 18026 18027 type DisableAWSServiceAccessInput struct { 18028 _ struct{} `type:"structure"` 18029 18030 // The service principal name of the AWS service for which you want to disable 18031 // integration with your organization. This is typically in the form of a URL, 18032 // such as service-abbreviation.amazonaws.com. 18033 // 18034 // ServicePrincipal is a required field 18035 ServicePrincipal *string `min:"1" type:"string" required:"true"` 18036 } 18037 18038 // String returns the string representation. 18039 // 18040 // API parameter values that are decorated as "sensitive" in the API will not 18041 // be included in the string output. The member name will be present, but the 18042 // value will be replaced with "sensitive". 18043 func (s DisableAWSServiceAccessInput) String() string { 18044 return awsutil.Prettify(s) 18045 } 18046 18047 // GoString returns the string representation. 18048 // 18049 // API parameter values that are decorated as "sensitive" in the API will not 18050 // be included in the string output. The member name will be present, but the 18051 // value will be replaced with "sensitive". 18052 func (s DisableAWSServiceAccessInput) GoString() string { 18053 return s.String() 18054 } 18055 18056 // Validate inspects the fields of the type to determine if they are valid. 18057 func (s *DisableAWSServiceAccessInput) Validate() error { 18058 invalidParams := request.ErrInvalidParams{Context: "DisableAWSServiceAccessInput"} 18059 if s.ServicePrincipal == nil { 18060 invalidParams.Add(request.NewErrParamRequired("ServicePrincipal")) 18061 } 18062 if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 { 18063 invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1)) 18064 } 18065 18066 if invalidParams.Len() > 0 { 18067 return invalidParams 18068 } 18069 return nil 18070 } 18071 18072 // SetServicePrincipal sets the ServicePrincipal field's value. 18073 func (s *DisableAWSServiceAccessInput) SetServicePrincipal(v string) *DisableAWSServiceAccessInput { 18074 s.ServicePrincipal = &v 18075 return s 18076 } 18077 18078 type DisableAWSServiceAccessOutput struct { 18079 _ struct{} `type:"structure"` 18080 } 18081 18082 // String returns the string representation. 18083 // 18084 // API parameter values that are decorated as "sensitive" in the API will not 18085 // be included in the string output. The member name will be present, but the 18086 // value will be replaced with "sensitive". 18087 func (s DisableAWSServiceAccessOutput) String() string { 18088 return awsutil.Prettify(s) 18089 } 18090 18091 // GoString returns the string representation. 18092 // 18093 // API parameter values that are decorated as "sensitive" in the API will not 18094 // be included in the string output. The member name will be present, but the 18095 // value will be replaced with "sensitive". 18096 func (s DisableAWSServiceAccessOutput) GoString() string { 18097 return s.String() 18098 } 18099 18100 type DisablePolicyTypeInput struct { 18101 _ struct{} `type:"structure"` 18102 18103 // The policy type that you want to disable in this root. You can specify one 18104 // of the following values: 18105 // 18106 // * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html) 18107 // 18108 // * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html) 18109 // 18110 // * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) 18111 // 18112 // * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) 18113 // 18114 // PolicyType is a required field 18115 PolicyType *string `type:"string" required:"true" enum:"PolicyType"` 18116 18117 // The unique identifier (ID) of the root in which you want to disable a policy 18118 // type. You can get the ID from the ListRoots operation. 18119 // 18120 // The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string 18121 // requires "r-" followed by from 4 to 32 lowercase letters or digits. 18122 // 18123 // RootId is a required field 18124 RootId *string `type:"string" required:"true"` 18125 } 18126 18127 // String returns the string representation. 18128 // 18129 // API parameter values that are decorated as "sensitive" in the API will not 18130 // be included in the string output. The member name will be present, but the 18131 // value will be replaced with "sensitive". 18132 func (s DisablePolicyTypeInput) String() string { 18133 return awsutil.Prettify(s) 18134 } 18135 18136 // GoString returns the string representation. 18137 // 18138 // API parameter values that are decorated as "sensitive" in the API will not 18139 // be included in the string output. The member name will be present, but the 18140 // value will be replaced with "sensitive". 18141 func (s DisablePolicyTypeInput) GoString() string { 18142 return s.String() 18143 } 18144 18145 // Validate inspects the fields of the type to determine if they are valid. 18146 func (s *DisablePolicyTypeInput) Validate() error { 18147 invalidParams := request.ErrInvalidParams{Context: "DisablePolicyTypeInput"} 18148 if s.PolicyType == nil { 18149 invalidParams.Add(request.NewErrParamRequired("PolicyType")) 18150 } 18151 if s.RootId == nil { 18152 invalidParams.Add(request.NewErrParamRequired("RootId")) 18153 } 18154 18155 if invalidParams.Len() > 0 { 18156 return invalidParams 18157 } 18158 return nil 18159 } 18160 18161 // SetPolicyType sets the PolicyType field's value. 18162 func (s *DisablePolicyTypeInput) SetPolicyType(v string) *DisablePolicyTypeInput { 18163 s.PolicyType = &v 18164 return s 18165 } 18166 18167 // SetRootId sets the RootId field's value. 18168 func (s *DisablePolicyTypeInput) SetRootId(v string) *DisablePolicyTypeInput { 18169 s.RootId = &v 18170 return s 18171 } 18172 18173 type DisablePolicyTypeOutput struct { 18174 _ struct{} `type:"structure"` 18175 18176 // A structure that shows the root with the updated list of enabled policy types. 18177 Root *Root `type:"structure"` 18178 } 18179 18180 // String returns the string representation. 18181 // 18182 // API parameter values that are decorated as "sensitive" in the API will not 18183 // be included in the string output. The member name will be present, but the 18184 // value will be replaced with "sensitive". 18185 func (s DisablePolicyTypeOutput) String() string { 18186 return awsutil.Prettify(s) 18187 } 18188 18189 // GoString returns the string representation. 18190 // 18191 // API parameter values that are decorated as "sensitive" in the API will not 18192 // be included in the string output. The member name will be present, but the 18193 // value will be replaced with "sensitive". 18194 func (s DisablePolicyTypeOutput) GoString() string { 18195 return s.String() 18196 } 18197 18198 // SetRoot sets the Root field's value. 18199 func (s *DisablePolicyTypeOutput) SetRoot(v *Root) *DisablePolicyTypeOutput { 18200 s.Root = v 18201 return s 18202 } 18203 18204 // That account is already present in the specified destination. 18205 type DuplicateAccountException struct { 18206 _ struct{} `type:"structure"` 18207 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 18208 18209 Message_ *string `locationName:"Message" type:"string"` 18210 } 18211 18212 // String returns the string representation. 18213 // 18214 // API parameter values that are decorated as "sensitive" in the API will not 18215 // be included in the string output. The member name will be present, but the 18216 // value will be replaced with "sensitive". 18217 func (s DuplicateAccountException) String() string { 18218 return awsutil.Prettify(s) 18219 } 18220 18221 // GoString returns the string representation. 18222 // 18223 // API parameter values that are decorated as "sensitive" in the API will not 18224 // be included in the string output. The member name will be present, but the 18225 // value will be replaced with "sensitive". 18226 func (s DuplicateAccountException) GoString() string { 18227 return s.String() 18228 } 18229 18230 func newErrorDuplicateAccountException(v protocol.ResponseMetadata) error { 18231 return &DuplicateAccountException{ 18232 RespMetadata: v, 18233 } 18234 } 18235 18236 // Code returns the exception type name. 18237 func (s *DuplicateAccountException) Code() string { 18238 return "DuplicateAccountException" 18239 } 18240 18241 // Message returns the exception's message. 18242 func (s *DuplicateAccountException) Message() string { 18243 if s.Message_ != nil { 18244 return *s.Message_ 18245 } 18246 return "" 18247 } 18248 18249 // OrigErr always returns nil, satisfies awserr.Error interface. 18250 func (s *DuplicateAccountException) OrigErr() error { 18251 return nil 18252 } 18253 18254 func (s *DuplicateAccountException) Error() string { 18255 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 18256 } 18257 18258 // Status code returns the HTTP status code for the request's response error. 18259 func (s *DuplicateAccountException) StatusCode() int { 18260 return s.RespMetadata.StatusCode 18261 } 18262 18263 // RequestID returns the service's response RequestID for request. 18264 func (s *DuplicateAccountException) RequestID() string { 18265 return s.RespMetadata.RequestID 18266 } 18267 18268 // A handshake with the same action and target already exists. For example, 18269 // if you invited an account to join your organization, the invited account 18270 // might already have a pending invitation from this organization. If you intend 18271 // to resend an invitation to an account, ensure that existing handshakes that 18272 // might be considered duplicates are canceled or declined. 18273 type DuplicateHandshakeException struct { 18274 _ struct{} `type:"structure"` 18275 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 18276 18277 Message_ *string `locationName:"Message" type:"string"` 18278 } 18279 18280 // String returns the string representation. 18281 // 18282 // API parameter values that are decorated as "sensitive" in the API will not 18283 // be included in the string output. The member name will be present, but the 18284 // value will be replaced with "sensitive". 18285 func (s DuplicateHandshakeException) String() string { 18286 return awsutil.Prettify(s) 18287 } 18288 18289 // GoString returns the string representation. 18290 // 18291 // API parameter values that are decorated as "sensitive" in the API will not 18292 // be included in the string output. The member name will be present, but the 18293 // value will be replaced with "sensitive". 18294 func (s DuplicateHandshakeException) GoString() string { 18295 return s.String() 18296 } 18297 18298 func newErrorDuplicateHandshakeException(v protocol.ResponseMetadata) error { 18299 return &DuplicateHandshakeException{ 18300 RespMetadata: v, 18301 } 18302 } 18303 18304 // Code returns the exception type name. 18305 func (s *DuplicateHandshakeException) Code() string { 18306 return "DuplicateHandshakeException" 18307 } 18308 18309 // Message returns the exception's message. 18310 func (s *DuplicateHandshakeException) Message() string { 18311 if s.Message_ != nil { 18312 return *s.Message_ 18313 } 18314 return "" 18315 } 18316 18317 // OrigErr always returns nil, satisfies awserr.Error interface. 18318 func (s *DuplicateHandshakeException) OrigErr() error { 18319 return nil 18320 } 18321 18322 func (s *DuplicateHandshakeException) Error() string { 18323 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 18324 } 18325 18326 // Status code returns the HTTP status code for the request's response error. 18327 func (s *DuplicateHandshakeException) StatusCode() int { 18328 return s.RespMetadata.StatusCode 18329 } 18330 18331 // RequestID returns the service's response RequestID for request. 18332 func (s *DuplicateHandshakeException) RequestID() string { 18333 return s.RespMetadata.RequestID 18334 } 18335 18336 // An OU with the same name already exists. 18337 type DuplicateOrganizationalUnitException struct { 18338 _ struct{} `type:"structure"` 18339 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 18340 18341 Message_ *string `locationName:"Message" type:"string"` 18342 } 18343 18344 // String returns the string representation. 18345 // 18346 // API parameter values that are decorated as "sensitive" in the API will not 18347 // be included in the string output. The member name will be present, but the 18348 // value will be replaced with "sensitive". 18349 func (s DuplicateOrganizationalUnitException) String() string { 18350 return awsutil.Prettify(s) 18351 } 18352 18353 // GoString returns the string representation. 18354 // 18355 // API parameter values that are decorated as "sensitive" in the API will not 18356 // be included in the string output. The member name will be present, but the 18357 // value will be replaced with "sensitive". 18358 func (s DuplicateOrganizationalUnitException) GoString() string { 18359 return s.String() 18360 } 18361 18362 func newErrorDuplicateOrganizationalUnitException(v protocol.ResponseMetadata) error { 18363 return &DuplicateOrganizationalUnitException{ 18364 RespMetadata: v, 18365 } 18366 } 18367 18368 // Code returns the exception type name. 18369 func (s *DuplicateOrganizationalUnitException) Code() string { 18370 return "DuplicateOrganizationalUnitException" 18371 } 18372 18373 // Message returns the exception's message. 18374 func (s *DuplicateOrganizationalUnitException) Message() string { 18375 if s.Message_ != nil { 18376 return *s.Message_ 18377 } 18378 return "" 18379 } 18380 18381 // OrigErr always returns nil, satisfies awserr.Error interface. 18382 func (s *DuplicateOrganizationalUnitException) OrigErr() error { 18383 return nil 18384 } 18385 18386 func (s *DuplicateOrganizationalUnitException) Error() string { 18387 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 18388 } 18389 18390 // Status code returns the HTTP status code for the request's response error. 18391 func (s *DuplicateOrganizationalUnitException) StatusCode() int { 18392 return s.RespMetadata.StatusCode 18393 } 18394 18395 // RequestID returns the service's response RequestID for request. 18396 func (s *DuplicateOrganizationalUnitException) RequestID() string { 18397 return s.RespMetadata.RequestID 18398 } 18399 18400 // The selected policy is already attached to the specified target. 18401 type DuplicatePolicyAttachmentException struct { 18402 _ struct{} `type:"structure"` 18403 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 18404 18405 Message_ *string `locationName:"Message" type:"string"` 18406 } 18407 18408 // String returns the string representation. 18409 // 18410 // API parameter values that are decorated as "sensitive" in the API will not 18411 // be included in the string output. The member name will be present, but the 18412 // value will be replaced with "sensitive". 18413 func (s DuplicatePolicyAttachmentException) String() string { 18414 return awsutil.Prettify(s) 18415 } 18416 18417 // GoString returns the string representation. 18418 // 18419 // API parameter values that are decorated as "sensitive" in the API will not 18420 // be included in the string output. The member name will be present, but the 18421 // value will be replaced with "sensitive". 18422 func (s DuplicatePolicyAttachmentException) GoString() string { 18423 return s.String() 18424 } 18425 18426 func newErrorDuplicatePolicyAttachmentException(v protocol.ResponseMetadata) error { 18427 return &DuplicatePolicyAttachmentException{ 18428 RespMetadata: v, 18429 } 18430 } 18431 18432 // Code returns the exception type name. 18433 func (s *DuplicatePolicyAttachmentException) Code() string { 18434 return "DuplicatePolicyAttachmentException" 18435 } 18436 18437 // Message returns the exception's message. 18438 func (s *DuplicatePolicyAttachmentException) Message() string { 18439 if s.Message_ != nil { 18440 return *s.Message_ 18441 } 18442 return "" 18443 } 18444 18445 // OrigErr always returns nil, satisfies awserr.Error interface. 18446 func (s *DuplicatePolicyAttachmentException) OrigErr() error { 18447 return nil 18448 } 18449 18450 func (s *DuplicatePolicyAttachmentException) Error() string { 18451 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 18452 } 18453 18454 // Status code returns the HTTP status code for the request's response error. 18455 func (s *DuplicatePolicyAttachmentException) StatusCode() int { 18456 return s.RespMetadata.StatusCode 18457 } 18458 18459 // RequestID returns the service's response RequestID for request. 18460 func (s *DuplicatePolicyAttachmentException) RequestID() string { 18461 return s.RespMetadata.RequestID 18462 } 18463 18464 // A policy with the same name already exists. 18465 type DuplicatePolicyException struct { 18466 _ struct{} `type:"structure"` 18467 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 18468 18469 Message_ *string `locationName:"Message" type:"string"` 18470 } 18471 18472 // String returns the string representation. 18473 // 18474 // API parameter values that are decorated as "sensitive" in the API will not 18475 // be included in the string output. The member name will be present, but the 18476 // value will be replaced with "sensitive". 18477 func (s DuplicatePolicyException) String() string { 18478 return awsutil.Prettify(s) 18479 } 18480 18481 // GoString returns the string representation. 18482 // 18483 // API parameter values that are decorated as "sensitive" in the API will not 18484 // be included in the string output. The member name will be present, but the 18485 // value will be replaced with "sensitive". 18486 func (s DuplicatePolicyException) GoString() string { 18487 return s.String() 18488 } 18489 18490 func newErrorDuplicatePolicyException(v protocol.ResponseMetadata) error { 18491 return &DuplicatePolicyException{ 18492 RespMetadata: v, 18493 } 18494 } 18495 18496 // Code returns the exception type name. 18497 func (s *DuplicatePolicyException) Code() string { 18498 return "DuplicatePolicyException" 18499 } 18500 18501 // Message returns the exception's message. 18502 func (s *DuplicatePolicyException) Message() string { 18503 if s.Message_ != nil { 18504 return *s.Message_ 18505 } 18506 return "" 18507 } 18508 18509 // OrigErr always returns nil, satisfies awserr.Error interface. 18510 func (s *DuplicatePolicyException) OrigErr() error { 18511 return nil 18512 } 18513 18514 func (s *DuplicatePolicyException) Error() string { 18515 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 18516 } 18517 18518 // Status code returns the HTTP status code for the request's response error. 18519 func (s *DuplicatePolicyException) StatusCode() int { 18520 return s.RespMetadata.StatusCode 18521 } 18522 18523 // RequestID returns the service's response RequestID for request. 18524 func (s *DuplicatePolicyException) RequestID() string { 18525 return s.RespMetadata.RequestID 18526 } 18527 18528 // Contains rules to be applied to the affected accounts. The effective policy 18529 // is the aggregation of any policies the account inherits, plus any policy 18530 // directly attached to the account. 18531 type EffectivePolicy struct { 18532 _ struct{} `type:"structure"` 18533 18534 // The time of the last update to this policy. 18535 LastUpdatedTimestamp *time.Time `type:"timestamp"` 18536 18537 // The text content of the policy. 18538 PolicyContent *string `min:"1" type:"string"` 18539 18540 // The policy type. 18541 PolicyType *string `type:"string" enum:"EffectivePolicyType"` 18542 18543 // The account ID of the policy target. 18544 TargetId *string `type:"string"` 18545 } 18546 18547 // String returns the string representation. 18548 // 18549 // API parameter values that are decorated as "sensitive" in the API will not 18550 // be included in the string output. The member name will be present, but the 18551 // value will be replaced with "sensitive". 18552 func (s EffectivePolicy) String() string { 18553 return awsutil.Prettify(s) 18554 } 18555 18556 // GoString returns the string representation. 18557 // 18558 // API parameter values that are decorated as "sensitive" in the API will not 18559 // be included in the string output. The member name will be present, but the 18560 // value will be replaced with "sensitive". 18561 func (s EffectivePolicy) GoString() string { 18562 return s.String() 18563 } 18564 18565 // SetLastUpdatedTimestamp sets the LastUpdatedTimestamp field's value. 18566 func (s *EffectivePolicy) SetLastUpdatedTimestamp(v time.Time) *EffectivePolicy { 18567 s.LastUpdatedTimestamp = &v 18568 return s 18569 } 18570 18571 // SetPolicyContent sets the PolicyContent field's value. 18572 func (s *EffectivePolicy) SetPolicyContent(v string) *EffectivePolicy { 18573 s.PolicyContent = &v 18574 return s 18575 } 18576 18577 // SetPolicyType sets the PolicyType field's value. 18578 func (s *EffectivePolicy) SetPolicyType(v string) *EffectivePolicy { 18579 s.PolicyType = &v 18580 return s 18581 } 18582 18583 // SetTargetId sets the TargetId field's value. 18584 func (s *EffectivePolicy) SetTargetId(v string) *EffectivePolicy { 18585 s.TargetId = &v 18586 return s 18587 } 18588 18589 // If you ran this action on the management account, this policy type is not 18590 // enabled. If you ran the action on a member account, the account doesn't have 18591 // an effective policy of this type. Contact the administrator of your organization 18592 // about attaching a policy of this type to the account. 18593 type EffectivePolicyNotFoundException struct { 18594 _ struct{} `type:"structure"` 18595 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 18596 18597 Message_ *string `locationName:"Message" type:"string"` 18598 } 18599 18600 // String returns the string representation. 18601 // 18602 // API parameter values that are decorated as "sensitive" in the API will not 18603 // be included in the string output. The member name will be present, but the 18604 // value will be replaced with "sensitive". 18605 func (s EffectivePolicyNotFoundException) String() string { 18606 return awsutil.Prettify(s) 18607 } 18608 18609 // GoString returns the string representation. 18610 // 18611 // API parameter values that are decorated as "sensitive" in the API will not 18612 // be included in the string output. The member name will be present, but the 18613 // value will be replaced with "sensitive". 18614 func (s EffectivePolicyNotFoundException) GoString() string { 18615 return s.String() 18616 } 18617 18618 func newErrorEffectivePolicyNotFoundException(v protocol.ResponseMetadata) error { 18619 return &EffectivePolicyNotFoundException{ 18620 RespMetadata: v, 18621 } 18622 } 18623 18624 // Code returns the exception type name. 18625 func (s *EffectivePolicyNotFoundException) Code() string { 18626 return "EffectivePolicyNotFoundException" 18627 } 18628 18629 // Message returns the exception's message. 18630 func (s *EffectivePolicyNotFoundException) Message() string { 18631 if s.Message_ != nil { 18632 return *s.Message_ 18633 } 18634 return "" 18635 } 18636 18637 // OrigErr always returns nil, satisfies awserr.Error interface. 18638 func (s *EffectivePolicyNotFoundException) OrigErr() error { 18639 return nil 18640 } 18641 18642 func (s *EffectivePolicyNotFoundException) Error() string { 18643 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 18644 } 18645 18646 // Status code returns the HTTP status code for the request's response error. 18647 func (s *EffectivePolicyNotFoundException) StatusCode() int { 18648 return s.RespMetadata.StatusCode 18649 } 18650 18651 // RequestID returns the service's response RequestID for request. 18652 func (s *EffectivePolicyNotFoundException) RequestID() string { 18653 return s.RespMetadata.RequestID 18654 } 18655 18656 type EnableAWSServiceAccessInput struct { 18657 _ struct{} `type:"structure"` 18658 18659 // The service principal name of the AWS service for which you want to enable 18660 // integration with your organization. This is typically in the form of a URL, 18661 // such as service-abbreviation.amazonaws.com. 18662 // 18663 // ServicePrincipal is a required field 18664 ServicePrincipal *string `min:"1" type:"string" required:"true"` 18665 } 18666 18667 // String returns the string representation. 18668 // 18669 // API parameter values that are decorated as "sensitive" in the API will not 18670 // be included in the string output. The member name will be present, but the 18671 // value will be replaced with "sensitive". 18672 func (s EnableAWSServiceAccessInput) String() string { 18673 return awsutil.Prettify(s) 18674 } 18675 18676 // GoString returns the string representation. 18677 // 18678 // API parameter values that are decorated as "sensitive" in the API will not 18679 // be included in the string output. The member name will be present, but the 18680 // value will be replaced with "sensitive". 18681 func (s EnableAWSServiceAccessInput) GoString() string { 18682 return s.String() 18683 } 18684 18685 // Validate inspects the fields of the type to determine if they are valid. 18686 func (s *EnableAWSServiceAccessInput) Validate() error { 18687 invalidParams := request.ErrInvalidParams{Context: "EnableAWSServiceAccessInput"} 18688 if s.ServicePrincipal == nil { 18689 invalidParams.Add(request.NewErrParamRequired("ServicePrincipal")) 18690 } 18691 if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 { 18692 invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1)) 18693 } 18694 18695 if invalidParams.Len() > 0 { 18696 return invalidParams 18697 } 18698 return nil 18699 } 18700 18701 // SetServicePrincipal sets the ServicePrincipal field's value. 18702 func (s *EnableAWSServiceAccessInput) SetServicePrincipal(v string) *EnableAWSServiceAccessInput { 18703 s.ServicePrincipal = &v 18704 return s 18705 } 18706 18707 type EnableAWSServiceAccessOutput struct { 18708 _ struct{} `type:"structure"` 18709 } 18710 18711 // String returns the string representation. 18712 // 18713 // API parameter values that are decorated as "sensitive" in the API will not 18714 // be included in the string output. The member name will be present, but the 18715 // value will be replaced with "sensitive". 18716 func (s EnableAWSServiceAccessOutput) String() string { 18717 return awsutil.Prettify(s) 18718 } 18719 18720 // GoString returns the string representation. 18721 // 18722 // API parameter values that are decorated as "sensitive" in the API will not 18723 // be included in the string output. The member name will be present, but the 18724 // value will be replaced with "sensitive". 18725 func (s EnableAWSServiceAccessOutput) GoString() string { 18726 return s.String() 18727 } 18728 18729 type EnableAllFeaturesInput struct { 18730 _ struct{} `type:"structure"` 18731 } 18732 18733 // String returns the string representation. 18734 // 18735 // API parameter values that are decorated as "sensitive" in the API will not 18736 // be included in the string output. The member name will be present, but the 18737 // value will be replaced with "sensitive". 18738 func (s EnableAllFeaturesInput) String() string { 18739 return awsutil.Prettify(s) 18740 } 18741 18742 // GoString returns the string representation. 18743 // 18744 // API parameter values that are decorated as "sensitive" in the API will not 18745 // be included in the string output. The member name will be present, but the 18746 // value will be replaced with "sensitive". 18747 func (s EnableAllFeaturesInput) GoString() string { 18748 return s.String() 18749 } 18750 18751 type EnableAllFeaturesOutput struct { 18752 _ struct{} `type:"structure"` 18753 18754 // A structure that contains details about the handshake created to support 18755 // this request to enable all features in the organization. 18756 Handshake *Handshake `type:"structure"` 18757 } 18758 18759 // String returns the string representation. 18760 // 18761 // API parameter values that are decorated as "sensitive" in the API will not 18762 // be included in the string output. The member name will be present, but the 18763 // value will be replaced with "sensitive". 18764 func (s EnableAllFeaturesOutput) String() string { 18765 return awsutil.Prettify(s) 18766 } 18767 18768 // GoString returns the string representation. 18769 // 18770 // API parameter values that are decorated as "sensitive" in the API will not 18771 // be included in the string output. The member name will be present, but the 18772 // value will be replaced with "sensitive". 18773 func (s EnableAllFeaturesOutput) GoString() string { 18774 return s.String() 18775 } 18776 18777 // SetHandshake sets the Handshake field's value. 18778 func (s *EnableAllFeaturesOutput) SetHandshake(v *Handshake) *EnableAllFeaturesOutput { 18779 s.Handshake = v 18780 return s 18781 } 18782 18783 type EnablePolicyTypeInput struct { 18784 _ struct{} `type:"structure"` 18785 18786 // The policy type that you want to enable. You can specify one of the following 18787 // values: 18788 // 18789 // * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html) 18790 // 18791 // * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html) 18792 // 18793 // * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) 18794 // 18795 // * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) 18796 // 18797 // PolicyType is a required field 18798 PolicyType *string `type:"string" required:"true" enum:"PolicyType"` 18799 18800 // The unique identifier (ID) of the root in which you want to enable a policy 18801 // type. You can get the ID from the ListRoots operation. 18802 // 18803 // The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string 18804 // requires "r-" followed by from 4 to 32 lowercase letters or digits. 18805 // 18806 // RootId is a required field 18807 RootId *string `type:"string" required:"true"` 18808 } 18809 18810 // String returns the string representation. 18811 // 18812 // API parameter values that are decorated as "sensitive" in the API will not 18813 // be included in the string output. The member name will be present, but the 18814 // value will be replaced with "sensitive". 18815 func (s EnablePolicyTypeInput) String() string { 18816 return awsutil.Prettify(s) 18817 } 18818 18819 // GoString returns the string representation. 18820 // 18821 // API parameter values that are decorated as "sensitive" in the API will not 18822 // be included in the string output. The member name will be present, but the 18823 // value will be replaced with "sensitive". 18824 func (s EnablePolicyTypeInput) GoString() string { 18825 return s.String() 18826 } 18827 18828 // Validate inspects the fields of the type to determine if they are valid. 18829 func (s *EnablePolicyTypeInput) Validate() error { 18830 invalidParams := request.ErrInvalidParams{Context: "EnablePolicyTypeInput"} 18831 if s.PolicyType == nil { 18832 invalidParams.Add(request.NewErrParamRequired("PolicyType")) 18833 } 18834 if s.RootId == nil { 18835 invalidParams.Add(request.NewErrParamRequired("RootId")) 18836 } 18837 18838 if invalidParams.Len() > 0 { 18839 return invalidParams 18840 } 18841 return nil 18842 } 18843 18844 // SetPolicyType sets the PolicyType field's value. 18845 func (s *EnablePolicyTypeInput) SetPolicyType(v string) *EnablePolicyTypeInput { 18846 s.PolicyType = &v 18847 return s 18848 } 18849 18850 // SetRootId sets the RootId field's value. 18851 func (s *EnablePolicyTypeInput) SetRootId(v string) *EnablePolicyTypeInput { 18852 s.RootId = &v 18853 return s 18854 } 18855 18856 type EnablePolicyTypeOutput struct { 18857 _ struct{} `type:"structure"` 18858 18859 // A structure that shows the root with the updated list of enabled policy types. 18860 Root *Root `type:"structure"` 18861 } 18862 18863 // String returns the string representation. 18864 // 18865 // API parameter values that are decorated as "sensitive" in the API will not 18866 // be included in the string output. The member name will be present, but the 18867 // value will be replaced with "sensitive". 18868 func (s EnablePolicyTypeOutput) String() string { 18869 return awsutil.Prettify(s) 18870 } 18871 18872 // GoString returns the string representation. 18873 // 18874 // API parameter values that are decorated as "sensitive" in the API will not 18875 // be included in the string output. The member name will be present, but the 18876 // value will be replaced with "sensitive". 18877 func (s EnablePolicyTypeOutput) GoString() string { 18878 return s.String() 18879 } 18880 18881 // SetRoot sets the Root field's value. 18882 func (s *EnablePolicyTypeOutput) SetRoot(v *Root) *EnablePolicyTypeOutput { 18883 s.Root = v 18884 return s 18885 } 18886 18887 // A structure that contains details of a service principal that represents 18888 // an AWS service that is enabled to integrate with AWS Organizations. 18889 type EnabledServicePrincipal struct { 18890 _ struct{} `type:"structure"` 18891 18892 // The date that the service principal was enabled for integration with AWS 18893 // Organizations. 18894 DateEnabled *time.Time `type:"timestamp"` 18895 18896 // The name of the service principal. This is typically in the form of a URL, 18897 // such as: servicename.amazonaws.com. 18898 ServicePrincipal *string `min:"1" type:"string"` 18899 } 18900 18901 // String returns the string representation. 18902 // 18903 // API parameter values that are decorated as "sensitive" in the API will not 18904 // be included in the string output. The member name will be present, but the 18905 // value will be replaced with "sensitive". 18906 func (s EnabledServicePrincipal) String() string { 18907 return awsutil.Prettify(s) 18908 } 18909 18910 // GoString returns the string representation. 18911 // 18912 // API parameter values that are decorated as "sensitive" in the API will not 18913 // be included in the string output. The member name will be present, but the 18914 // value will be replaced with "sensitive". 18915 func (s EnabledServicePrincipal) GoString() string { 18916 return s.String() 18917 } 18918 18919 // SetDateEnabled sets the DateEnabled field's value. 18920 func (s *EnabledServicePrincipal) SetDateEnabled(v time.Time) *EnabledServicePrincipal { 18921 s.DateEnabled = &v 18922 return s 18923 } 18924 18925 // SetServicePrincipal sets the ServicePrincipal field's value. 18926 func (s *EnabledServicePrincipal) SetServicePrincipal(v string) *EnabledServicePrincipal { 18927 s.ServicePrincipal = &v 18928 return s 18929 } 18930 18931 // AWS Organizations couldn't perform the operation because your organization 18932 // hasn't finished initializing. This can take up to an hour. Try again later. 18933 // If after one hour you continue to receive this error, contact AWS Support 18934 // (https://console.aws.amazon.com/support/home#/). 18935 type FinalizingOrganizationException struct { 18936 _ struct{} `type:"structure"` 18937 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 18938 18939 Message_ *string `locationName:"Message" type:"string"` 18940 } 18941 18942 // String returns the string representation. 18943 // 18944 // API parameter values that are decorated as "sensitive" in the API will not 18945 // be included in the string output. The member name will be present, but the 18946 // value will be replaced with "sensitive". 18947 func (s FinalizingOrganizationException) String() string { 18948 return awsutil.Prettify(s) 18949 } 18950 18951 // GoString returns the string representation. 18952 // 18953 // API parameter values that are decorated as "sensitive" in the API will not 18954 // be included in the string output. The member name will be present, but the 18955 // value will be replaced with "sensitive". 18956 func (s FinalizingOrganizationException) GoString() string { 18957 return s.String() 18958 } 18959 18960 func newErrorFinalizingOrganizationException(v protocol.ResponseMetadata) error { 18961 return &FinalizingOrganizationException{ 18962 RespMetadata: v, 18963 } 18964 } 18965 18966 // Code returns the exception type name. 18967 func (s *FinalizingOrganizationException) Code() string { 18968 return "FinalizingOrganizationException" 18969 } 18970 18971 // Message returns the exception's message. 18972 func (s *FinalizingOrganizationException) Message() string { 18973 if s.Message_ != nil { 18974 return *s.Message_ 18975 } 18976 return "" 18977 } 18978 18979 // OrigErr always returns nil, satisfies awserr.Error interface. 18980 func (s *FinalizingOrganizationException) OrigErr() error { 18981 return nil 18982 } 18983 18984 func (s *FinalizingOrganizationException) Error() string { 18985 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 18986 } 18987 18988 // Status code returns the HTTP status code for the request's response error. 18989 func (s *FinalizingOrganizationException) StatusCode() int { 18990 return s.RespMetadata.StatusCode 18991 } 18992 18993 // RequestID returns the service's response RequestID for request. 18994 func (s *FinalizingOrganizationException) RequestID() string { 18995 return s.RespMetadata.RequestID 18996 } 18997 18998 // Contains information that must be exchanged to securely establish a relationship 18999 // between two accounts (an originator and a recipient). For example, when a 19000 // management account (the originator) invites another account (the recipient) 19001 // to join its organization, the two accounts exchange information as a series 19002 // of handshake requests and responses. 19003 // 19004 // Note: Handshakes that are CANCELED, ACCEPTED, or DECLINED show up in lists 19005 // for only 30 days after entering that state After that they are deleted. 19006 type Handshake struct { 19007 _ struct{} `type:"structure"` 19008 19009 // The type of handshake, indicating what action occurs when the recipient accepts 19010 // the handshake. The following handshake types are supported: 19011 // 19012 // * INVITE: This type of handshake represents a request to join an organization. 19013 // It is always sent from the management account to only non-member accounts. 19014 // 19015 // * ENABLE_ALL_FEATURES: This type of handshake represents a request to 19016 // enable all features in an organization. It is always sent from the management 19017 // account to only invited member accounts. Created accounts do not receive 19018 // this because those accounts were created by the organization's management 19019 // account and approval is inferred. 19020 // 19021 // * APPROVE_ALL_FEATURES: This type of handshake is sent from the Organizations 19022 // service when all member accounts have approved the ENABLE_ALL_FEATURES 19023 // invitation. It is sent only to the management account and signals the 19024 // master that it can finalize the process to enable all features. 19025 Action *string `type:"string" enum:"ActionType"` 19026 19027 // The Amazon Resource Name (ARN) of a handshake. 19028 // 19029 // For more information about ARNs in Organizations, see ARN Formats Supported 19030 // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) 19031 // in the AWS Service Authorization Reference. 19032 Arn *string `type:"string"` 19033 19034 // The date and time that the handshake expires. If the recipient of the handshake 19035 // request fails to respond before the specified date and time, the handshake 19036 // becomes inactive and is no longer valid. 19037 ExpirationTimestamp *time.Time `type:"timestamp"` 19038 19039 // The unique identifier (ID) of a handshake. The originating account creates 19040 // the ID when it initiates the handshake. 19041 // 19042 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 19043 // requires "h-" followed by from 8 to 32 lowercase letters or digits. 19044 Id *string `type:"string"` 19045 19046 // Information about the two accounts that are participating in the handshake. 19047 Parties []*HandshakeParty `type:"list"` 19048 19049 // The date and time that the handshake request was made. 19050 RequestedTimestamp *time.Time `type:"timestamp"` 19051 19052 // Additional information that is needed to process the handshake. 19053 Resources []*HandshakeResource `type:"list"` 19054 19055 // The current state of the handshake. Use the state to trace the flow of the 19056 // handshake through the process from its creation to its acceptance. The meaning 19057 // of each of the valid values is as follows: 19058 // 19059 // * REQUESTED: This handshake was sent to multiple recipients (applicable 19060 // to only some handshake types) and not all recipients have responded yet. 19061 // The request stays in this state until all recipients respond. 19062 // 19063 // * OPEN: This handshake was sent to multiple recipients (applicable to 19064 // only some policy types) and all recipients have responded, allowing the 19065 // originator to complete the handshake action. 19066 // 19067 // * CANCELED: This handshake is no longer active because it was canceled 19068 // by the originating account. 19069 // 19070 // * ACCEPTED: This handshake is complete because it has been accepted by 19071 // the recipient. 19072 // 19073 // * DECLINED: This handshake is no longer active because it was declined 19074 // by the recipient account. 19075 // 19076 // * EXPIRED: This handshake is no longer active because the originator did 19077 // not receive a response of any kind from the recipient before the expiration 19078 // time (15 days). 19079 State *string `type:"string" enum:"HandshakeState"` 19080 } 19081 19082 // String returns the string representation. 19083 // 19084 // API parameter values that are decorated as "sensitive" in the API will not 19085 // be included in the string output. The member name will be present, but the 19086 // value will be replaced with "sensitive". 19087 func (s Handshake) String() string { 19088 return awsutil.Prettify(s) 19089 } 19090 19091 // GoString returns the string representation. 19092 // 19093 // API parameter values that are decorated as "sensitive" in the API will not 19094 // be included in the string output. The member name will be present, but the 19095 // value will be replaced with "sensitive". 19096 func (s Handshake) GoString() string { 19097 return s.String() 19098 } 19099 19100 // SetAction sets the Action field's value. 19101 func (s *Handshake) SetAction(v string) *Handshake { 19102 s.Action = &v 19103 return s 19104 } 19105 19106 // SetArn sets the Arn field's value. 19107 func (s *Handshake) SetArn(v string) *Handshake { 19108 s.Arn = &v 19109 return s 19110 } 19111 19112 // SetExpirationTimestamp sets the ExpirationTimestamp field's value. 19113 func (s *Handshake) SetExpirationTimestamp(v time.Time) *Handshake { 19114 s.ExpirationTimestamp = &v 19115 return s 19116 } 19117 19118 // SetId sets the Id field's value. 19119 func (s *Handshake) SetId(v string) *Handshake { 19120 s.Id = &v 19121 return s 19122 } 19123 19124 // SetParties sets the Parties field's value. 19125 func (s *Handshake) SetParties(v []*HandshakeParty) *Handshake { 19126 s.Parties = v 19127 return s 19128 } 19129 19130 // SetRequestedTimestamp sets the RequestedTimestamp field's value. 19131 func (s *Handshake) SetRequestedTimestamp(v time.Time) *Handshake { 19132 s.RequestedTimestamp = &v 19133 return s 19134 } 19135 19136 // SetResources sets the Resources field's value. 19137 func (s *Handshake) SetResources(v []*HandshakeResource) *Handshake { 19138 s.Resources = v 19139 return s 19140 } 19141 19142 // SetState sets the State field's value. 19143 func (s *Handshake) SetState(v string) *Handshake { 19144 s.State = &v 19145 return s 19146 } 19147 19148 // The specified handshake is already in the requested state. For example, you 19149 // can't accept a handshake that was already accepted. 19150 type HandshakeAlreadyInStateException struct { 19151 _ struct{} `type:"structure"` 19152 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 19153 19154 Message_ *string `locationName:"Message" type:"string"` 19155 } 19156 19157 // String returns the string representation. 19158 // 19159 // API parameter values that are decorated as "sensitive" in the API will not 19160 // be included in the string output. The member name will be present, but the 19161 // value will be replaced with "sensitive". 19162 func (s HandshakeAlreadyInStateException) String() string { 19163 return awsutil.Prettify(s) 19164 } 19165 19166 // GoString returns the string representation. 19167 // 19168 // API parameter values that are decorated as "sensitive" in the API will not 19169 // be included in the string output. The member name will be present, but the 19170 // value will be replaced with "sensitive". 19171 func (s HandshakeAlreadyInStateException) GoString() string { 19172 return s.String() 19173 } 19174 19175 func newErrorHandshakeAlreadyInStateException(v protocol.ResponseMetadata) error { 19176 return &HandshakeAlreadyInStateException{ 19177 RespMetadata: v, 19178 } 19179 } 19180 19181 // Code returns the exception type name. 19182 func (s *HandshakeAlreadyInStateException) Code() string { 19183 return "HandshakeAlreadyInStateException" 19184 } 19185 19186 // Message returns the exception's message. 19187 func (s *HandshakeAlreadyInStateException) Message() string { 19188 if s.Message_ != nil { 19189 return *s.Message_ 19190 } 19191 return "" 19192 } 19193 19194 // OrigErr always returns nil, satisfies awserr.Error interface. 19195 func (s *HandshakeAlreadyInStateException) OrigErr() error { 19196 return nil 19197 } 19198 19199 func (s *HandshakeAlreadyInStateException) Error() string { 19200 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 19201 } 19202 19203 // Status code returns the HTTP status code for the request's response error. 19204 func (s *HandshakeAlreadyInStateException) StatusCode() int { 19205 return s.RespMetadata.StatusCode 19206 } 19207 19208 // RequestID returns the service's response RequestID for request. 19209 func (s *HandshakeAlreadyInStateException) RequestID() string { 19210 return s.RespMetadata.RequestID 19211 } 19212 19213 // The requested operation would violate the constraint identified in the reason 19214 // code. 19215 // 19216 // Some of the reasons in the following list might not be applicable to this 19217 // specific API or operation: 19218 // 19219 // * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on 19220 // the number of accounts in an organization. Note that deleted and closed 19221 // accounts still count toward your limit. If you get this exception immediately 19222 // after creating the organization, wait one hour and try again. If after 19223 // an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/). 19224 // 19225 // * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because 19226 // the invited account is already a member of an organization. 19227 // 19228 // * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of 19229 // handshakes that you can send in one day. 19230 // 19231 // * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations 19232 // to join an organization while it's in the process of enabling all features. 19233 // You can resume inviting accounts after you finalize the process when all 19234 // accounts have agreed to the change. 19235 // 19236 // * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid 19237 // because the organization has already enabled all features. 19238 // 19239 // * ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake 19240 // request is invalid because the organization has already started the process 19241 // to enable all features. 19242 // 19243 // * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because 19244 // the account is from a different marketplace than the accounts in the organization. 19245 // For example, accounts with India addresses must be associated with the 19246 // AISPL marketplace. All accounts in an organization must be from the same 19247 // marketplace. 19248 // 19249 // * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to 19250 // change the membership of an account too quickly after its previous change. 19251 // 19252 // * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an 19253 // account that doesn't have a payment instrument, such as a credit card, 19254 // associated with it. 19255 type HandshakeConstraintViolationException struct { 19256 _ struct{} `type:"structure"` 19257 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 19258 19259 Message_ *string `locationName:"Message" type:"string"` 19260 19261 Reason *string `type:"string" enum:"HandshakeConstraintViolationExceptionReason"` 19262 } 19263 19264 // String returns the string representation. 19265 // 19266 // API parameter values that are decorated as "sensitive" in the API will not 19267 // be included in the string output. The member name will be present, but the 19268 // value will be replaced with "sensitive". 19269 func (s HandshakeConstraintViolationException) String() string { 19270 return awsutil.Prettify(s) 19271 } 19272 19273 // GoString returns the string representation. 19274 // 19275 // API parameter values that are decorated as "sensitive" in the API will not 19276 // be included in the string output. The member name will be present, but the 19277 // value will be replaced with "sensitive". 19278 func (s HandshakeConstraintViolationException) GoString() string { 19279 return s.String() 19280 } 19281 19282 func newErrorHandshakeConstraintViolationException(v protocol.ResponseMetadata) error { 19283 return &HandshakeConstraintViolationException{ 19284 RespMetadata: v, 19285 } 19286 } 19287 19288 // Code returns the exception type name. 19289 func (s *HandshakeConstraintViolationException) Code() string { 19290 return "HandshakeConstraintViolationException" 19291 } 19292 19293 // Message returns the exception's message. 19294 func (s *HandshakeConstraintViolationException) Message() string { 19295 if s.Message_ != nil { 19296 return *s.Message_ 19297 } 19298 return "" 19299 } 19300 19301 // OrigErr always returns nil, satisfies awserr.Error interface. 19302 func (s *HandshakeConstraintViolationException) OrigErr() error { 19303 return nil 19304 } 19305 19306 func (s *HandshakeConstraintViolationException) Error() string { 19307 return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) 19308 } 19309 19310 // Status code returns the HTTP status code for the request's response error. 19311 func (s *HandshakeConstraintViolationException) StatusCode() int { 19312 return s.RespMetadata.StatusCode 19313 } 19314 19315 // RequestID returns the service's response RequestID for request. 19316 func (s *HandshakeConstraintViolationException) RequestID() string { 19317 return s.RespMetadata.RequestID 19318 } 19319 19320 // Specifies the criteria that are used to select the handshakes for the operation. 19321 type HandshakeFilter struct { 19322 _ struct{} `type:"structure"` 19323 19324 // Specifies the type of handshake action. 19325 // 19326 // If you specify ActionType, you cannot also specify ParentHandshakeId. 19327 ActionType *string `type:"string" enum:"ActionType"` 19328 19329 // Specifies the parent handshake. Only used for handshake types that are a 19330 // child of another type. 19331 // 19332 // If you specify ParentHandshakeId, you cannot also specify ActionType. 19333 // 19334 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 19335 // requires "h-" followed by from 8 to 32 lowercase letters or digits. 19336 ParentHandshakeId *string `type:"string"` 19337 } 19338 19339 // String returns the string representation. 19340 // 19341 // API parameter values that are decorated as "sensitive" in the API will not 19342 // be included in the string output. The member name will be present, but the 19343 // value will be replaced with "sensitive". 19344 func (s HandshakeFilter) String() string { 19345 return awsutil.Prettify(s) 19346 } 19347 19348 // GoString returns the string representation. 19349 // 19350 // API parameter values that are decorated as "sensitive" in the API will not 19351 // be included in the string output. The member name will be present, but the 19352 // value will be replaced with "sensitive". 19353 func (s HandshakeFilter) GoString() string { 19354 return s.String() 19355 } 19356 19357 // SetActionType sets the ActionType field's value. 19358 func (s *HandshakeFilter) SetActionType(v string) *HandshakeFilter { 19359 s.ActionType = &v 19360 return s 19361 } 19362 19363 // SetParentHandshakeId sets the ParentHandshakeId field's value. 19364 func (s *HandshakeFilter) SetParentHandshakeId(v string) *HandshakeFilter { 19365 s.ParentHandshakeId = &v 19366 return s 19367 } 19368 19369 // We can't find a handshake with the HandshakeId that you specified. 19370 type HandshakeNotFoundException struct { 19371 _ struct{} `type:"structure"` 19372 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 19373 19374 Message_ *string `locationName:"Message" type:"string"` 19375 } 19376 19377 // String returns the string representation. 19378 // 19379 // API parameter values that are decorated as "sensitive" in the API will not 19380 // be included in the string output. The member name will be present, but the 19381 // value will be replaced with "sensitive". 19382 func (s HandshakeNotFoundException) String() string { 19383 return awsutil.Prettify(s) 19384 } 19385 19386 // GoString returns the string representation. 19387 // 19388 // API parameter values that are decorated as "sensitive" in the API will not 19389 // be included in the string output. The member name will be present, but the 19390 // value will be replaced with "sensitive". 19391 func (s HandshakeNotFoundException) GoString() string { 19392 return s.String() 19393 } 19394 19395 func newErrorHandshakeNotFoundException(v protocol.ResponseMetadata) error { 19396 return &HandshakeNotFoundException{ 19397 RespMetadata: v, 19398 } 19399 } 19400 19401 // Code returns the exception type name. 19402 func (s *HandshakeNotFoundException) Code() string { 19403 return "HandshakeNotFoundException" 19404 } 19405 19406 // Message returns the exception's message. 19407 func (s *HandshakeNotFoundException) Message() string { 19408 if s.Message_ != nil { 19409 return *s.Message_ 19410 } 19411 return "" 19412 } 19413 19414 // OrigErr always returns nil, satisfies awserr.Error interface. 19415 func (s *HandshakeNotFoundException) OrigErr() error { 19416 return nil 19417 } 19418 19419 func (s *HandshakeNotFoundException) Error() string { 19420 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 19421 } 19422 19423 // Status code returns the HTTP status code for the request's response error. 19424 func (s *HandshakeNotFoundException) StatusCode() int { 19425 return s.RespMetadata.StatusCode 19426 } 19427 19428 // RequestID returns the service's response RequestID for request. 19429 func (s *HandshakeNotFoundException) RequestID() string { 19430 return s.RespMetadata.RequestID 19431 } 19432 19433 // Identifies a participant in a handshake. 19434 type HandshakeParty struct { 19435 _ struct{} `type:"structure"` 19436 19437 // The unique identifier (ID) for the party. 19438 // 19439 // The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string 19440 // requires "h-" followed by from 8 to 32 lowercase letters or digits. 19441 // 19442 // Id is a sensitive parameter and its value will be 19443 // replaced with "sensitive" in string returned by HandshakeParty's 19444 // String and GoString methods. 19445 // 19446 // Id is a required field 19447 Id *string `min:"1" type:"string" required:"true" sensitive:"true"` 19448 19449 // The type of party. 19450 // 19451 // Type is a required field 19452 Type *string `type:"string" required:"true" enum:"HandshakePartyType"` 19453 } 19454 19455 // String returns the string representation. 19456 // 19457 // API parameter values that are decorated as "sensitive" in the API will not 19458 // be included in the string output. The member name will be present, but the 19459 // value will be replaced with "sensitive". 19460 func (s HandshakeParty) String() string { 19461 return awsutil.Prettify(s) 19462 } 19463 19464 // GoString returns the string representation. 19465 // 19466 // API parameter values that are decorated as "sensitive" in the API will not 19467 // be included in the string output. The member name will be present, but the 19468 // value will be replaced with "sensitive". 19469 func (s HandshakeParty) GoString() string { 19470 return s.String() 19471 } 19472 19473 // Validate inspects the fields of the type to determine if they are valid. 19474 func (s *HandshakeParty) Validate() error { 19475 invalidParams := request.ErrInvalidParams{Context: "HandshakeParty"} 19476 if s.Id == nil { 19477 invalidParams.Add(request.NewErrParamRequired("Id")) 19478 } 19479 if s.Id != nil && len(*s.Id) < 1 { 19480 invalidParams.Add(request.NewErrParamMinLen("Id", 1)) 19481 } 19482 if s.Type == nil { 19483 invalidParams.Add(request.NewErrParamRequired("Type")) 19484 } 19485 19486 if invalidParams.Len() > 0 { 19487 return invalidParams 19488 } 19489 return nil 19490 } 19491 19492 // SetId sets the Id field's value. 19493 func (s *HandshakeParty) SetId(v string) *HandshakeParty { 19494 s.Id = &v 19495 return s 19496 } 19497 19498 // SetType sets the Type field's value. 19499 func (s *HandshakeParty) SetType(v string) *HandshakeParty { 19500 s.Type = &v 19501 return s 19502 } 19503 19504 // Contains additional data that is needed to process a handshake. 19505 type HandshakeResource struct { 19506 _ struct{} `type:"structure"` 19507 19508 // When needed, contains an additional array of HandshakeResource objects. 19509 Resources []*HandshakeResource `type:"list"` 19510 19511 // The type of information being passed, specifying how the value is to be interpreted 19512 // by the other party: 19513 // 19514 // * ACCOUNT - Specifies an AWS account ID number. 19515 // 19516 // * ORGANIZATION - Specifies an organization ID number. 19517 // 19518 // * EMAIL - Specifies the email address that is associated with the account 19519 // that receives the handshake. 19520 // 19521 // * OWNER_EMAIL - Specifies the email address associated with the management 19522 // account. Included as information about an organization. 19523 // 19524 // * OWNER_NAME - Specifies the name associated with the management account. 19525 // Included as information about an organization. 19526 // 19527 // * NOTES - Additional text provided by the handshake initiator and intended 19528 // for the recipient to read. 19529 Type *string `type:"string" enum:"HandshakeResourceType"` 19530 19531 // The information that is passed to the other party in the handshake. The format 19532 // of the value string must match the requirements of the specified type. 19533 // 19534 // Value is a sensitive parameter and its value will be 19535 // replaced with "sensitive" in string returned by HandshakeResource's 19536 // String and GoString methods. 19537 Value *string `type:"string" sensitive:"true"` 19538 } 19539 19540 // String returns the string representation. 19541 // 19542 // API parameter values that are decorated as "sensitive" in the API will not 19543 // be included in the string output. The member name will be present, but the 19544 // value will be replaced with "sensitive". 19545 func (s HandshakeResource) String() string { 19546 return awsutil.Prettify(s) 19547 } 19548 19549 // GoString returns the string representation. 19550 // 19551 // API parameter values that are decorated as "sensitive" in the API will not 19552 // be included in the string output. The member name will be present, but the 19553 // value will be replaced with "sensitive". 19554 func (s HandshakeResource) GoString() string { 19555 return s.String() 19556 } 19557 19558 // SetResources sets the Resources field's value. 19559 func (s *HandshakeResource) SetResources(v []*HandshakeResource) *HandshakeResource { 19560 s.Resources = v 19561 return s 19562 } 19563 19564 // SetType sets the Type field's value. 19565 func (s *HandshakeResource) SetType(v string) *HandshakeResource { 19566 s.Type = &v 19567 return s 19568 } 19569 19570 // SetValue sets the Value field's value. 19571 func (s *HandshakeResource) SetValue(v string) *HandshakeResource { 19572 s.Value = &v 19573 return s 19574 } 19575 19576 // You can't perform the operation on the handshake in its current state. For 19577 // example, you can't cancel a handshake that was already accepted or accept 19578 // a handshake that was already declined. 19579 type InvalidHandshakeTransitionException struct { 19580 _ struct{} `type:"structure"` 19581 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 19582 19583 Message_ *string `locationName:"Message" type:"string"` 19584 } 19585 19586 // String returns the string representation. 19587 // 19588 // API parameter values that are decorated as "sensitive" in the API will not 19589 // be included in the string output. The member name will be present, but the 19590 // value will be replaced with "sensitive". 19591 func (s InvalidHandshakeTransitionException) String() string { 19592 return awsutil.Prettify(s) 19593 } 19594 19595 // GoString returns the string representation. 19596 // 19597 // API parameter values that are decorated as "sensitive" in the API will not 19598 // be included in the string output. The member name will be present, but the 19599 // value will be replaced with "sensitive". 19600 func (s InvalidHandshakeTransitionException) GoString() string { 19601 return s.String() 19602 } 19603 19604 func newErrorInvalidHandshakeTransitionException(v protocol.ResponseMetadata) error { 19605 return &InvalidHandshakeTransitionException{ 19606 RespMetadata: v, 19607 } 19608 } 19609 19610 // Code returns the exception type name. 19611 func (s *InvalidHandshakeTransitionException) Code() string { 19612 return "InvalidHandshakeTransitionException" 19613 } 19614 19615 // Message returns the exception's message. 19616 func (s *InvalidHandshakeTransitionException) Message() string { 19617 if s.Message_ != nil { 19618 return *s.Message_ 19619 } 19620 return "" 19621 } 19622 19623 // OrigErr always returns nil, satisfies awserr.Error interface. 19624 func (s *InvalidHandshakeTransitionException) OrigErr() error { 19625 return nil 19626 } 19627 19628 func (s *InvalidHandshakeTransitionException) Error() string { 19629 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 19630 } 19631 19632 // Status code returns the HTTP status code for the request's response error. 19633 func (s *InvalidHandshakeTransitionException) StatusCode() int { 19634 return s.RespMetadata.StatusCode 19635 } 19636 19637 // RequestID returns the service's response RequestID for request. 19638 func (s *InvalidHandshakeTransitionException) RequestID() string { 19639 return s.RespMetadata.RequestID 19640 } 19641 19642 // The requested operation failed because you provided invalid values for one 19643 // or more of the request parameters. This exception includes a reason that 19644 // contains additional information about the violated limit: 19645 // 19646 // Some of the reasons in the following list might not be applicable to this 19647 // specific API or operation. 19648 // 19649 // * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to 19650 // the same entity. 19651 // 19652 // * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and 19653 // can't be modified. 19654 // 19655 // * INPUT_REQUIRED: You must include a value for all required parameters. 19656 // 19657 // * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address 19658 // for the invited account owner. 19659 // 19660 // * INVALID_ENUM: You specified an invalid value. 19661 // 19662 // * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string. 19663 // 19664 // * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid 19665 // characters. 19666 // 19667 // * INVALID_LIST_MEMBER: You provided a list to a parameter that contains 19668 // at least one invalid value. 19669 // 19670 // * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter 19671 // from the response to a previous call of the operation. 19672 // 19673 // * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, 19674 // organization, or email) as a party. 19675 // 19676 // * INVALID_PATTERN: You provided a value that doesn't match the required 19677 // pattern. 19678 // 19679 // * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't 19680 // match the required pattern. 19681 // 19682 // * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role 19683 // name can't begin with the reserved prefix AWSServiceRoleFor. 19684 // 19685 // * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource 19686 // Name (ARN) for the organization. 19687 // 19688 // * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID. 19689 // 19690 // * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system 19691 // tag. You can’t add, edit, or delete system tag keys because they're 19692 // reserved for AWS use. System tags don’t count against your tags per 19693 // resource limit. 19694 // 19695 // * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter 19696 // for the operation. 19697 // 19698 // * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer 19699 // than allowed. 19700 // 19701 // * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger 19702 // value than allowed. 19703 // 19704 // * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter 19705 // than allowed. 19706 // 19707 // * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller 19708 // value than allowed. 19709 // 19710 // * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only 19711 // between entities in the same root. 19712 // 19713 // * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that 19714 // target entity. 19715 // 19716 // * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that 19717 // isn't recognized. 19718 type InvalidInputException struct { 19719 _ struct{} `type:"structure"` 19720 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 19721 19722 Message_ *string `locationName:"Message" type:"string"` 19723 19724 Reason *string `type:"string" enum:"InvalidInputExceptionReason"` 19725 } 19726 19727 // String returns the string representation. 19728 // 19729 // API parameter values that are decorated as "sensitive" in the API will not 19730 // be included in the string output. The member name will be present, but the 19731 // value will be replaced with "sensitive". 19732 func (s InvalidInputException) String() string { 19733 return awsutil.Prettify(s) 19734 } 19735 19736 // GoString returns the string representation. 19737 // 19738 // API parameter values that are decorated as "sensitive" in the API will not 19739 // be included in the string output. The member name will be present, but the 19740 // value will be replaced with "sensitive". 19741 func (s InvalidInputException) GoString() string { 19742 return s.String() 19743 } 19744 19745 func newErrorInvalidInputException(v protocol.ResponseMetadata) error { 19746 return &InvalidInputException{ 19747 RespMetadata: v, 19748 } 19749 } 19750 19751 // Code returns the exception type name. 19752 func (s *InvalidInputException) Code() string { 19753 return "InvalidInputException" 19754 } 19755 19756 // Message returns the exception's message. 19757 func (s *InvalidInputException) Message() string { 19758 if s.Message_ != nil { 19759 return *s.Message_ 19760 } 19761 return "" 19762 } 19763 19764 // OrigErr always returns nil, satisfies awserr.Error interface. 19765 func (s *InvalidInputException) OrigErr() error { 19766 return nil 19767 } 19768 19769 func (s *InvalidInputException) Error() string { 19770 return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) 19771 } 19772 19773 // Status code returns the HTTP status code for the request's response error. 19774 func (s *InvalidInputException) StatusCode() int { 19775 return s.RespMetadata.StatusCode 19776 } 19777 19778 // RequestID returns the service's response RequestID for request. 19779 func (s *InvalidInputException) RequestID() string { 19780 return s.RespMetadata.RequestID 19781 } 19782 19783 type InviteAccountToOrganizationInput struct { 19784 _ struct{} `type:"structure"` 19785 19786 // Additional information that you want to include in the generated email to 19787 // the recipient account owner. 19788 // 19789 // Notes is a sensitive parameter and its value will be 19790 // replaced with "sensitive" in string returned by InviteAccountToOrganizationInput's 19791 // String and GoString methods. 19792 Notes *string `type:"string" sensitive:"true"` 19793 19794 // A list of tags that you want to attach to the account when it becomes a member 19795 // of the organization. For each tag in the list, you must specify both a tag 19796 // key and a value. You can set the value to an empty string, but you can't 19797 // set it to null. For more information about tagging, see Tagging AWS Organizations 19798 // resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html) 19799 // in the AWS Organizations User Guide. 19800 // 19801 // Any tags in the request are checked for compliance with any applicable tag 19802 // policies when the request is made. The request is rejected if the tags in 19803 // the request don't match the requirements of the policy at that time. Tag 19804 // policy compliance is not checked again when the invitation is accepted and 19805 // the tags are actually attached to the account. That means that if the tag 19806 // policy changes between the invitation and the acceptance, then that tags 19807 // could potentially be non-compliant. 19808 // 19809 // If any one of the tags is invalid or if you exceed the allowed number of 19810 // tags for an account, then the entire request fails and invitations are not 19811 // sent. 19812 Tags []*Tag `type:"list"` 19813 19814 // The identifier (ID) of the AWS account that you want to invite to join your 19815 // organization. This is a JSON object that contains the following elements: 19816 // 19817 // { "Type": "ACCOUNT", "Id": "< account id number >" } 19818 // 19819 // If you use the AWS CLI, you can submit this as a single string, similar to 19820 // the following example: 19821 // 19822 // --target Id=123456789012,Type=ACCOUNT 19823 // 19824 // If you specify "Type": "ACCOUNT", you must provide the AWS account ID number 19825 // as the Id. If you specify "Type": "EMAIL", you must specify the email address 19826 // that is associated with the account. 19827 // 19828 // --target Id=diego@example.com,Type=EMAIL 19829 // 19830 // Target is a required field 19831 Target *HandshakeParty `type:"structure" required:"true"` 19832 } 19833 19834 // String returns the string representation. 19835 // 19836 // API parameter values that are decorated as "sensitive" in the API will not 19837 // be included in the string output. The member name will be present, but the 19838 // value will be replaced with "sensitive". 19839 func (s InviteAccountToOrganizationInput) String() string { 19840 return awsutil.Prettify(s) 19841 } 19842 19843 // GoString returns the string representation. 19844 // 19845 // API parameter values that are decorated as "sensitive" in the API will not 19846 // be included in the string output. The member name will be present, but the 19847 // value will be replaced with "sensitive". 19848 func (s InviteAccountToOrganizationInput) GoString() string { 19849 return s.String() 19850 } 19851 19852 // Validate inspects the fields of the type to determine if they are valid. 19853 func (s *InviteAccountToOrganizationInput) Validate() error { 19854 invalidParams := request.ErrInvalidParams{Context: "InviteAccountToOrganizationInput"} 19855 if s.Target == nil { 19856 invalidParams.Add(request.NewErrParamRequired("Target")) 19857 } 19858 if s.Tags != nil { 19859 for i, v := range s.Tags { 19860 if v == nil { 19861 continue 19862 } 19863 if err := v.Validate(); err != nil { 19864 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 19865 } 19866 } 19867 } 19868 if s.Target != nil { 19869 if err := s.Target.Validate(); err != nil { 19870 invalidParams.AddNested("Target", err.(request.ErrInvalidParams)) 19871 } 19872 } 19873 19874 if invalidParams.Len() > 0 { 19875 return invalidParams 19876 } 19877 return nil 19878 } 19879 19880 // SetNotes sets the Notes field's value. 19881 func (s *InviteAccountToOrganizationInput) SetNotes(v string) *InviteAccountToOrganizationInput { 19882 s.Notes = &v 19883 return s 19884 } 19885 19886 // SetTags sets the Tags field's value. 19887 func (s *InviteAccountToOrganizationInput) SetTags(v []*Tag) *InviteAccountToOrganizationInput { 19888 s.Tags = v 19889 return s 19890 } 19891 19892 // SetTarget sets the Target field's value. 19893 func (s *InviteAccountToOrganizationInput) SetTarget(v *HandshakeParty) *InviteAccountToOrganizationInput { 19894 s.Target = v 19895 return s 19896 } 19897 19898 type InviteAccountToOrganizationOutput struct { 19899 _ struct{} `type:"structure"` 19900 19901 // A structure that contains details about the handshake that is created to 19902 // support this invitation request. 19903 Handshake *Handshake `type:"structure"` 19904 } 19905 19906 // String returns the string representation. 19907 // 19908 // API parameter values that are decorated as "sensitive" in the API will not 19909 // be included in the string output. The member name will be present, but the 19910 // value will be replaced with "sensitive". 19911 func (s InviteAccountToOrganizationOutput) String() string { 19912 return awsutil.Prettify(s) 19913 } 19914 19915 // GoString returns the string representation. 19916 // 19917 // API parameter values that are decorated as "sensitive" in the API will not 19918 // be included in the string output. The member name will be present, but the 19919 // value will be replaced with "sensitive". 19920 func (s InviteAccountToOrganizationOutput) GoString() string { 19921 return s.String() 19922 } 19923 19924 // SetHandshake sets the Handshake field's value. 19925 func (s *InviteAccountToOrganizationOutput) SetHandshake(v *Handshake) *InviteAccountToOrganizationOutput { 19926 s.Handshake = v 19927 return s 19928 } 19929 19930 type LeaveOrganizationInput struct { 19931 _ struct{} `type:"structure"` 19932 } 19933 19934 // String returns the string representation. 19935 // 19936 // API parameter values that are decorated as "sensitive" in the API will not 19937 // be included in the string output. The member name will be present, but the 19938 // value will be replaced with "sensitive". 19939 func (s LeaveOrganizationInput) String() string { 19940 return awsutil.Prettify(s) 19941 } 19942 19943 // GoString returns the string representation. 19944 // 19945 // API parameter values that are decorated as "sensitive" in the API will not 19946 // be included in the string output. The member name will be present, but the 19947 // value will be replaced with "sensitive". 19948 func (s LeaveOrganizationInput) GoString() string { 19949 return s.String() 19950 } 19951 19952 type LeaveOrganizationOutput struct { 19953 _ struct{} `type:"structure"` 19954 } 19955 19956 // String returns the string representation. 19957 // 19958 // API parameter values that are decorated as "sensitive" in the API will not 19959 // be included in the string output. The member name will be present, but the 19960 // value will be replaced with "sensitive". 19961 func (s LeaveOrganizationOutput) String() string { 19962 return awsutil.Prettify(s) 19963 } 19964 19965 // GoString returns the string representation. 19966 // 19967 // API parameter values that are decorated as "sensitive" in the API will not 19968 // be included in the string output. The member name will be present, but the 19969 // value will be replaced with "sensitive". 19970 func (s LeaveOrganizationOutput) GoString() string { 19971 return s.String() 19972 } 19973 19974 type ListAWSServiceAccessForOrganizationInput struct { 19975 _ struct{} `type:"structure"` 19976 19977 // The total number of results that you want included on each page of the response. 19978 // If you do not include this parameter, it defaults to a value that is specific 19979 // to the operation. If additional items exist beyond the maximum you specify, 19980 // the NextToken response element is present and has a value (is not null). 19981 // Include that value as the NextToken request parameter in the next call to 19982 // the operation to get the next part of the results. Note that Organizations 19983 // might return fewer results than the maximum even when there are more results 19984 // available. You should check NextToken after every operation to ensure that 19985 // you receive all of the results. 19986 MaxResults *int64 `min:"1" type:"integer"` 19987 19988 // The parameter for receiving additional results if you receive a NextToken 19989 // response in a previous request. A NextToken response indicates that more 19990 // output is available. Set this parameter to the value of the previous call's 19991 // NextToken response to indicate where the output should continue from. 19992 NextToken *string `type:"string"` 19993 } 19994 19995 // String returns the string representation. 19996 // 19997 // API parameter values that are decorated as "sensitive" in the API will not 19998 // be included in the string output. The member name will be present, but the 19999 // value will be replaced with "sensitive". 20000 func (s ListAWSServiceAccessForOrganizationInput) String() string { 20001 return awsutil.Prettify(s) 20002 } 20003 20004 // GoString returns the string representation. 20005 // 20006 // API parameter values that are decorated as "sensitive" in the API will not 20007 // be included in the string output. The member name will be present, but the 20008 // value will be replaced with "sensitive". 20009 func (s ListAWSServiceAccessForOrganizationInput) GoString() string { 20010 return s.String() 20011 } 20012 20013 // Validate inspects the fields of the type to determine if they are valid. 20014 func (s *ListAWSServiceAccessForOrganizationInput) Validate() error { 20015 invalidParams := request.ErrInvalidParams{Context: "ListAWSServiceAccessForOrganizationInput"} 20016 if s.MaxResults != nil && *s.MaxResults < 1 { 20017 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 20018 } 20019 20020 if invalidParams.Len() > 0 { 20021 return invalidParams 20022 } 20023 return nil 20024 } 20025 20026 // SetMaxResults sets the MaxResults field's value. 20027 func (s *ListAWSServiceAccessForOrganizationInput) SetMaxResults(v int64) *ListAWSServiceAccessForOrganizationInput { 20028 s.MaxResults = &v 20029 return s 20030 } 20031 20032 // SetNextToken sets the NextToken field's value. 20033 func (s *ListAWSServiceAccessForOrganizationInput) SetNextToken(v string) *ListAWSServiceAccessForOrganizationInput { 20034 s.NextToken = &v 20035 return s 20036 } 20037 20038 type ListAWSServiceAccessForOrganizationOutput struct { 20039 _ struct{} `type:"structure"` 20040 20041 // A list of the service principals for the services that are enabled to integrate 20042 // with your organization. Each principal is a structure that includes the name 20043 // and the date that it was enabled for integration with AWS Organizations. 20044 EnabledServicePrincipals []*EnabledServicePrincipal `type:"list"` 20045 20046 // If present, indicates that more output is available than is included in the 20047 // current response. Use this value in the NextToken request parameter in a 20048 // subsequent call to the operation to get the next part of the output. You 20049 // should repeat this until the NextToken response element comes back as null. 20050 NextToken *string `type:"string"` 20051 } 20052 20053 // String returns the string representation. 20054 // 20055 // API parameter values that are decorated as "sensitive" in the API will not 20056 // be included in the string output. The member name will be present, but the 20057 // value will be replaced with "sensitive". 20058 func (s ListAWSServiceAccessForOrganizationOutput) String() string { 20059 return awsutil.Prettify(s) 20060 } 20061 20062 // GoString returns the string representation. 20063 // 20064 // API parameter values that are decorated as "sensitive" in the API will not 20065 // be included in the string output. The member name will be present, but the 20066 // value will be replaced with "sensitive". 20067 func (s ListAWSServiceAccessForOrganizationOutput) GoString() string { 20068 return s.String() 20069 } 20070 20071 // SetEnabledServicePrincipals sets the EnabledServicePrincipals field's value. 20072 func (s *ListAWSServiceAccessForOrganizationOutput) SetEnabledServicePrincipals(v []*EnabledServicePrincipal) *ListAWSServiceAccessForOrganizationOutput { 20073 s.EnabledServicePrincipals = v 20074 return s 20075 } 20076 20077 // SetNextToken sets the NextToken field's value. 20078 func (s *ListAWSServiceAccessForOrganizationOutput) SetNextToken(v string) *ListAWSServiceAccessForOrganizationOutput { 20079 s.NextToken = &v 20080 return s 20081 } 20082 20083 type ListAccountsForParentInput struct { 20084 _ struct{} `type:"structure"` 20085 20086 // The total number of results that you want included on each page of the response. 20087 // If you do not include this parameter, it defaults to a value that is specific 20088 // to the operation. If additional items exist beyond the maximum you specify, 20089 // the NextToken response element is present and has a value (is not null). 20090 // Include that value as the NextToken request parameter in the next call to 20091 // the operation to get the next part of the results. Note that Organizations 20092 // might return fewer results than the maximum even when there are more results 20093 // available. You should check NextToken after every operation to ensure that 20094 // you receive all of the results. 20095 MaxResults *int64 `min:"1" type:"integer"` 20096 20097 // The parameter for receiving additional results if you receive a NextToken 20098 // response in a previous request. A NextToken response indicates that more 20099 // output is available. Set this parameter to the value of the previous call's 20100 // NextToken response to indicate where the output should continue from. 20101 NextToken *string `type:"string"` 20102 20103 // The unique identifier (ID) for the parent root or organization unit (OU) 20104 // whose accounts you want to list. 20105 // 20106 // ParentId is a required field 20107 ParentId *string `type:"string" required:"true"` 20108 } 20109 20110 // String returns the string representation. 20111 // 20112 // API parameter values that are decorated as "sensitive" in the API will not 20113 // be included in the string output. The member name will be present, but the 20114 // value will be replaced with "sensitive". 20115 func (s ListAccountsForParentInput) String() string { 20116 return awsutil.Prettify(s) 20117 } 20118 20119 // GoString returns the string representation. 20120 // 20121 // API parameter values that are decorated as "sensitive" in the API will not 20122 // be included in the string output. The member name will be present, but the 20123 // value will be replaced with "sensitive". 20124 func (s ListAccountsForParentInput) GoString() string { 20125 return s.String() 20126 } 20127 20128 // Validate inspects the fields of the type to determine if they are valid. 20129 func (s *ListAccountsForParentInput) Validate() error { 20130 invalidParams := request.ErrInvalidParams{Context: "ListAccountsForParentInput"} 20131 if s.MaxResults != nil && *s.MaxResults < 1 { 20132 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 20133 } 20134 if s.ParentId == nil { 20135 invalidParams.Add(request.NewErrParamRequired("ParentId")) 20136 } 20137 20138 if invalidParams.Len() > 0 { 20139 return invalidParams 20140 } 20141 return nil 20142 } 20143 20144 // SetMaxResults sets the MaxResults field's value. 20145 func (s *ListAccountsForParentInput) SetMaxResults(v int64) *ListAccountsForParentInput { 20146 s.MaxResults = &v 20147 return s 20148 } 20149 20150 // SetNextToken sets the NextToken field's value. 20151 func (s *ListAccountsForParentInput) SetNextToken(v string) *ListAccountsForParentInput { 20152 s.NextToken = &v 20153 return s 20154 } 20155 20156 // SetParentId sets the ParentId field's value. 20157 func (s *ListAccountsForParentInput) SetParentId(v string) *ListAccountsForParentInput { 20158 s.ParentId = &v 20159 return s 20160 } 20161 20162 type ListAccountsForParentOutput struct { 20163 _ struct{} `type:"structure"` 20164 20165 // A list of the accounts in the specified root or OU. 20166 Accounts []*Account `type:"list"` 20167 20168 // If present, indicates that more output is available than is included in the 20169 // current response. Use this value in the NextToken request parameter in a 20170 // subsequent call to the operation to get the next part of the output. You 20171 // should repeat this until the NextToken response element comes back as null. 20172 NextToken *string `type:"string"` 20173 } 20174 20175 // String returns the string representation. 20176 // 20177 // API parameter values that are decorated as "sensitive" in the API will not 20178 // be included in the string output. The member name will be present, but the 20179 // value will be replaced with "sensitive". 20180 func (s ListAccountsForParentOutput) String() string { 20181 return awsutil.Prettify(s) 20182 } 20183 20184 // GoString returns the string representation. 20185 // 20186 // API parameter values that are decorated as "sensitive" in the API will not 20187 // be included in the string output. The member name will be present, but the 20188 // value will be replaced with "sensitive". 20189 func (s ListAccountsForParentOutput) GoString() string { 20190 return s.String() 20191 } 20192 20193 // SetAccounts sets the Accounts field's value. 20194 func (s *ListAccountsForParentOutput) SetAccounts(v []*Account) *ListAccountsForParentOutput { 20195 s.Accounts = v 20196 return s 20197 } 20198 20199 // SetNextToken sets the NextToken field's value. 20200 func (s *ListAccountsForParentOutput) SetNextToken(v string) *ListAccountsForParentOutput { 20201 s.NextToken = &v 20202 return s 20203 } 20204 20205 type ListAccountsInput struct { 20206 _ struct{} `type:"structure"` 20207 20208 // The total number of results that you want included on each page of the response. 20209 // If you do not include this parameter, it defaults to a value that is specific 20210 // to the operation. If additional items exist beyond the maximum you specify, 20211 // the NextToken response element is present and has a value (is not null). 20212 // Include that value as the NextToken request parameter in the next call to 20213 // the operation to get the next part of the results. Note that Organizations 20214 // might return fewer results than the maximum even when there are more results 20215 // available. You should check NextToken after every operation to ensure that 20216 // you receive all of the results. 20217 MaxResults *int64 `min:"1" type:"integer"` 20218 20219 // The parameter for receiving additional results if you receive a NextToken 20220 // response in a previous request. A NextToken response indicates that more 20221 // output is available. Set this parameter to the value of the previous call's 20222 // NextToken response to indicate where the output should continue from. 20223 NextToken *string `type:"string"` 20224 } 20225 20226 // String returns the string representation. 20227 // 20228 // API parameter values that are decorated as "sensitive" in the API will not 20229 // be included in the string output. The member name will be present, but the 20230 // value will be replaced with "sensitive". 20231 func (s ListAccountsInput) String() string { 20232 return awsutil.Prettify(s) 20233 } 20234 20235 // GoString returns the string representation. 20236 // 20237 // API parameter values that are decorated as "sensitive" in the API will not 20238 // be included in the string output. The member name will be present, but the 20239 // value will be replaced with "sensitive". 20240 func (s ListAccountsInput) GoString() string { 20241 return s.String() 20242 } 20243 20244 // Validate inspects the fields of the type to determine if they are valid. 20245 func (s *ListAccountsInput) Validate() error { 20246 invalidParams := request.ErrInvalidParams{Context: "ListAccountsInput"} 20247 if s.MaxResults != nil && *s.MaxResults < 1 { 20248 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 20249 } 20250 20251 if invalidParams.Len() > 0 { 20252 return invalidParams 20253 } 20254 return nil 20255 } 20256 20257 // SetMaxResults sets the MaxResults field's value. 20258 func (s *ListAccountsInput) SetMaxResults(v int64) *ListAccountsInput { 20259 s.MaxResults = &v 20260 return s 20261 } 20262 20263 // SetNextToken sets the NextToken field's value. 20264 func (s *ListAccountsInput) SetNextToken(v string) *ListAccountsInput { 20265 s.NextToken = &v 20266 return s 20267 } 20268 20269 type ListAccountsOutput struct { 20270 _ struct{} `type:"structure"` 20271 20272 // A list of objects in the organization. 20273 Accounts []*Account `type:"list"` 20274 20275 // If present, indicates that more output is available than is included in the 20276 // current response. Use this value in the NextToken request parameter in a 20277 // subsequent call to the operation to get the next part of the output. You 20278 // should repeat this until the NextToken response element comes back as null. 20279 NextToken *string `type:"string"` 20280 } 20281 20282 // String returns the string representation. 20283 // 20284 // API parameter values that are decorated as "sensitive" in the API will not 20285 // be included in the string output. The member name will be present, but the 20286 // value will be replaced with "sensitive". 20287 func (s ListAccountsOutput) String() string { 20288 return awsutil.Prettify(s) 20289 } 20290 20291 // GoString returns the string representation. 20292 // 20293 // API parameter values that are decorated as "sensitive" in the API will not 20294 // be included in the string output. The member name will be present, but the 20295 // value will be replaced with "sensitive". 20296 func (s ListAccountsOutput) GoString() string { 20297 return s.String() 20298 } 20299 20300 // SetAccounts sets the Accounts field's value. 20301 func (s *ListAccountsOutput) SetAccounts(v []*Account) *ListAccountsOutput { 20302 s.Accounts = v 20303 return s 20304 } 20305 20306 // SetNextToken sets the NextToken field's value. 20307 func (s *ListAccountsOutput) SetNextToken(v string) *ListAccountsOutput { 20308 s.NextToken = &v 20309 return s 20310 } 20311 20312 type ListChildrenInput struct { 20313 _ struct{} `type:"structure"` 20314 20315 // Filters the output to include only the specified child type. 20316 // 20317 // ChildType is a required field 20318 ChildType *string `type:"string" required:"true" enum:"ChildType"` 20319 20320 // The total number of results that you want included on each page of the response. 20321 // If you do not include this parameter, it defaults to a value that is specific 20322 // to the operation. If additional items exist beyond the maximum you specify, 20323 // the NextToken response element is present and has a value (is not null). 20324 // Include that value as the NextToken request parameter in the next call to 20325 // the operation to get the next part of the results. Note that Organizations 20326 // might return fewer results than the maximum even when there are more results 20327 // available. You should check NextToken after every operation to ensure that 20328 // you receive all of the results. 20329 MaxResults *int64 `min:"1" type:"integer"` 20330 20331 // The parameter for receiving additional results if you receive a NextToken 20332 // response in a previous request. A NextToken response indicates that more 20333 // output is available. Set this parameter to the value of the previous call's 20334 // NextToken response to indicate where the output should continue from. 20335 NextToken *string `type:"string"` 20336 20337 // The unique identifier (ID) for the parent root or OU whose children you want 20338 // to list. 20339 // 20340 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 20341 // requires one of the following: 20342 // 20343 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 20344 // letters or digits. 20345 // 20346 // * Organizational unit (OU) - A string that begins with "ou-" followed 20347 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 20348 // OU is in). This string is followed by a second "-" dash and from 8 to 20349 // 32 additional lowercase letters or digits. 20350 // 20351 // ParentId is a required field 20352 ParentId *string `type:"string" required:"true"` 20353 } 20354 20355 // String returns the string representation. 20356 // 20357 // API parameter values that are decorated as "sensitive" in the API will not 20358 // be included in the string output. The member name will be present, but the 20359 // value will be replaced with "sensitive". 20360 func (s ListChildrenInput) String() string { 20361 return awsutil.Prettify(s) 20362 } 20363 20364 // GoString returns the string representation. 20365 // 20366 // API parameter values that are decorated as "sensitive" in the API will not 20367 // be included in the string output. The member name will be present, but the 20368 // value will be replaced with "sensitive". 20369 func (s ListChildrenInput) GoString() string { 20370 return s.String() 20371 } 20372 20373 // Validate inspects the fields of the type to determine if they are valid. 20374 func (s *ListChildrenInput) Validate() error { 20375 invalidParams := request.ErrInvalidParams{Context: "ListChildrenInput"} 20376 if s.ChildType == nil { 20377 invalidParams.Add(request.NewErrParamRequired("ChildType")) 20378 } 20379 if s.MaxResults != nil && *s.MaxResults < 1 { 20380 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 20381 } 20382 if s.ParentId == nil { 20383 invalidParams.Add(request.NewErrParamRequired("ParentId")) 20384 } 20385 20386 if invalidParams.Len() > 0 { 20387 return invalidParams 20388 } 20389 return nil 20390 } 20391 20392 // SetChildType sets the ChildType field's value. 20393 func (s *ListChildrenInput) SetChildType(v string) *ListChildrenInput { 20394 s.ChildType = &v 20395 return s 20396 } 20397 20398 // SetMaxResults sets the MaxResults field's value. 20399 func (s *ListChildrenInput) SetMaxResults(v int64) *ListChildrenInput { 20400 s.MaxResults = &v 20401 return s 20402 } 20403 20404 // SetNextToken sets the NextToken field's value. 20405 func (s *ListChildrenInput) SetNextToken(v string) *ListChildrenInput { 20406 s.NextToken = &v 20407 return s 20408 } 20409 20410 // SetParentId sets the ParentId field's value. 20411 func (s *ListChildrenInput) SetParentId(v string) *ListChildrenInput { 20412 s.ParentId = &v 20413 return s 20414 } 20415 20416 type ListChildrenOutput struct { 20417 _ struct{} `type:"structure"` 20418 20419 // The list of children of the specified parent container. 20420 Children []*Child `type:"list"` 20421 20422 // If present, indicates that more output is available than is included in the 20423 // current response. Use this value in the NextToken request parameter in a 20424 // subsequent call to the operation to get the next part of the output. You 20425 // should repeat this until the NextToken response element comes back as null. 20426 NextToken *string `type:"string"` 20427 } 20428 20429 // String returns the string representation. 20430 // 20431 // API parameter values that are decorated as "sensitive" in the API will not 20432 // be included in the string output. The member name will be present, but the 20433 // value will be replaced with "sensitive". 20434 func (s ListChildrenOutput) String() string { 20435 return awsutil.Prettify(s) 20436 } 20437 20438 // GoString returns the string representation. 20439 // 20440 // API parameter values that are decorated as "sensitive" in the API will not 20441 // be included in the string output. The member name will be present, but the 20442 // value will be replaced with "sensitive". 20443 func (s ListChildrenOutput) GoString() string { 20444 return s.String() 20445 } 20446 20447 // SetChildren sets the Children field's value. 20448 func (s *ListChildrenOutput) SetChildren(v []*Child) *ListChildrenOutput { 20449 s.Children = v 20450 return s 20451 } 20452 20453 // SetNextToken sets the NextToken field's value. 20454 func (s *ListChildrenOutput) SetNextToken(v string) *ListChildrenOutput { 20455 s.NextToken = &v 20456 return s 20457 } 20458 20459 type ListCreateAccountStatusInput struct { 20460 _ struct{} `type:"structure"` 20461 20462 // The total number of results that you want included on each page of the response. 20463 // If you do not include this parameter, it defaults to a value that is specific 20464 // to the operation. If additional items exist beyond the maximum you specify, 20465 // the NextToken response element is present and has a value (is not null). 20466 // Include that value as the NextToken request parameter in the next call to 20467 // the operation to get the next part of the results. Note that Organizations 20468 // might return fewer results than the maximum even when there are more results 20469 // available. You should check NextToken after every operation to ensure that 20470 // you receive all of the results. 20471 MaxResults *int64 `min:"1" type:"integer"` 20472 20473 // The parameter for receiving additional results if you receive a NextToken 20474 // response in a previous request. A NextToken response indicates that more 20475 // output is available. Set this parameter to the value of the previous call's 20476 // NextToken response to indicate where the output should continue from. 20477 NextToken *string `type:"string"` 20478 20479 // A list of one or more states that you want included in the response. If this 20480 // parameter isn't present, all requests are included in the response. 20481 States []*string `type:"list"` 20482 } 20483 20484 // String returns the string representation. 20485 // 20486 // API parameter values that are decorated as "sensitive" in the API will not 20487 // be included in the string output. The member name will be present, but the 20488 // value will be replaced with "sensitive". 20489 func (s ListCreateAccountStatusInput) String() string { 20490 return awsutil.Prettify(s) 20491 } 20492 20493 // GoString returns the string representation. 20494 // 20495 // API parameter values that are decorated as "sensitive" in the API will not 20496 // be included in the string output. The member name will be present, but the 20497 // value will be replaced with "sensitive". 20498 func (s ListCreateAccountStatusInput) GoString() string { 20499 return s.String() 20500 } 20501 20502 // Validate inspects the fields of the type to determine if they are valid. 20503 func (s *ListCreateAccountStatusInput) Validate() error { 20504 invalidParams := request.ErrInvalidParams{Context: "ListCreateAccountStatusInput"} 20505 if s.MaxResults != nil && *s.MaxResults < 1 { 20506 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 20507 } 20508 20509 if invalidParams.Len() > 0 { 20510 return invalidParams 20511 } 20512 return nil 20513 } 20514 20515 // SetMaxResults sets the MaxResults field's value. 20516 func (s *ListCreateAccountStatusInput) SetMaxResults(v int64) *ListCreateAccountStatusInput { 20517 s.MaxResults = &v 20518 return s 20519 } 20520 20521 // SetNextToken sets the NextToken field's value. 20522 func (s *ListCreateAccountStatusInput) SetNextToken(v string) *ListCreateAccountStatusInput { 20523 s.NextToken = &v 20524 return s 20525 } 20526 20527 // SetStates sets the States field's value. 20528 func (s *ListCreateAccountStatusInput) SetStates(v []*string) *ListCreateAccountStatusInput { 20529 s.States = v 20530 return s 20531 } 20532 20533 type ListCreateAccountStatusOutput struct { 20534 _ struct{} `type:"structure"` 20535 20536 // A list of objects with details about the requests. Certain elements, such 20537 // as the accountId number, are present in the output only after the account 20538 // has been successfully created. 20539 CreateAccountStatuses []*CreateAccountStatus `type:"list"` 20540 20541 // If present, indicates that more output is available than is included in the 20542 // current response. Use this value in the NextToken request parameter in a 20543 // subsequent call to the operation to get the next part of the output. You 20544 // should repeat this until the NextToken response element comes back as null. 20545 NextToken *string `type:"string"` 20546 } 20547 20548 // String returns the string representation. 20549 // 20550 // API parameter values that are decorated as "sensitive" in the API will not 20551 // be included in the string output. The member name will be present, but the 20552 // value will be replaced with "sensitive". 20553 func (s ListCreateAccountStatusOutput) String() string { 20554 return awsutil.Prettify(s) 20555 } 20556 20557 // GoString returns the string representation. 20558 // 20559 // API parameter values that are decorated as "sensitive" in the API will not 20560 // be included in the string output. The member name will be present, but the 20561 // value will be replaced with "sensitive". 20562 func (s ListCreateAccountStatusOutput) GoString() string { 20563 return s.String() 20564 } 20565 20566 // SetCreateAccountStatuses sets the CreateAccountStatuses field's value. 20567 func (s *ListCreateAccountStatusOutput) SetCreateAccountStatuses(v []*CreateAccountStatus) *ListCreateAccountStatusOutput { 20568 s.CreateAccountStatuses = v 20569 return s 20570 } 20571 20572 // SetNextToken sets the NextToken field's value. 20573 func (s *ListCreateAccountStatusOutput) SetNextToken(v string) *ListCreateAccountStatusOutput { 20574 s.NextToken = &v 20575 return s 20576 } 20577 20578 type ListDelegatedAdministratorsInput struct { 20579 _ struct{} `type:"structure"` 20580 20581 // The total number of results that you want included on each page of the response. 20582 // If you do not include this parameter, it defaults to a value that is specific 20583 // to the operation. If additional items exist beyond the maximum you specify, 20584 // the NextToken response element is present and has a value (is not null). 20585 // Include that value as the NextToken request parameter in the next call to 20586 // the operation to get the next part of the results. Note that Organizations 20587 // might return fewer results than the maximum even when there are more results 20588 // available. You should check NextToken after every operation to ensure that 20589 // you receive all of the results. 20590 MaxResults *int64 `min:"1" type:"integer"` 20591 20592 // The parameter for receiving additional results if you receive a NextToken 20593 // response in a previous request. A NextToken response indicates that more 20594 // output is available. Set this parameter to the value of the previous call's 20595 // NextToken response to indicate where the output should continue from. 20596 NextToken *string `type:"string"` 20597 20598 // Specifies a service principal name. If specified, then the operation lists 20599 // the delegated administrators only for the specified service. 20600 // 20601 // If you don't specify a service principal, the operation lists all delegated 20602 // administrators for all services in your organization. 20603 ServicePrincipal *string `min:"1" type:"string"` 20604 } 20605 20606 // String returns the string representation. 20607 // 20608 // API parameter values that are decorated as "sensitive" in the API will not 20609 // be included in the string output. The member name will be present, but the 20610 // value will be replaced with "sensitive". 20611 func (s ListDelegatedAdministratorsInput) String() string { 20612 return awsutil.Prettify(s) 20613 } 20614 20615 // GoString returns the string representation. 20616 // 20617 // API parameter values that are decorated as "sensitive" in the API will not 20618 // be included in the string output. The member name will be present, but the 20619 // value will be replaced with "sensitive". 20620 func (s ListDelegatedAdministratorsInput) GoString() string { 20621 return s.String() 20622 } 20623 20624 // Validate inspects the fields of the type to determine if they are valid. 20625 func (s *ListDelegatedAdministratorsInput) Validate() error { 20626 invalidParams := request.ErrInvalidParams{Context: "ListDelegatedAdministratorsInput"} 20627 if s.MaxResults != nil && *s.MaxResults < 1 { 20628 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 20629 } 20630 if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 { 20631 invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1)) 20632 } 20633 20634 if invalidParams.Len() > 0 { 20635 return invalidParams 20636 } 20637 return nil 20638 } 20639 20640 // SetMaxResults sets the MaxResults field's value. 20641 func (s *ListDelegatedAdministratorsInput) SetMaxResults(v int64) *ListDelegatedAdministratorsInput { 20642 s.MaxResults = &v 20643 return s 20644 } 20645 20646 // SetNextToken sets the NextToken field's value. 20647 func (s *ListDelegatedAdministratorsInput) SetNextToken(v string) *ListDelegatedAdministratorsInput { 20648 s.NextToken = &v 20649 return s 20650 } 20651 20652 // SetServicePrincipal sets the ServicePrincipal field's value. 20653 func (s *ListDelegatedAdministratorsInput) SetServicePrincipal(v string) *ListDelegatedAdministratorsInput { 20654 s.ServicePrincipal = &v 20655 return s 20656 } 20657 20658 type ListDelegatedAdministratorsOutput struct { 20659 _ struct{} `type:"structure"` 20660 20661 // The list of delegated administrators in your organization. 20662 DelegatedAdministrators []*DelegatedAdministrator `type:"list"` 20663 20664 // If present, indicates that more output is available than is included in the 20665 // current response. Use this value in the NextToken request parameter in a 20666 // subsequent call to the operation to get the next part of the output. You 20667 // should repeat this until the NextToken response element comes back as null. 20668 NextToken *string `type:"string"` 20669 } 20670 20671 // String returns the string representation. 20672 // 20673 // API parameter values that are decorated as "sensitive" in the API will not 20674 // be included in the string output. The member name will be present, but the 20675 // value will be replaced with "sensitive". 20676 func (s ListDelegatedAdministratorsOutput) String() string { 20677 return awsutil.Prettify(s) 20678 } 20679 20680 // GoString returns the string representation. 20681 // 20682 // API parameter values that are decorated as "sensitive" in the API will not 20683 // be included in the string output. The member name will be present, but the 20684 // value will be replaced with "sensitive". 20685 func (s ListDelegatedAdministratorsOutput) GoString() string { 20686 return s.String() 20687 } 20688 20689 // SetDelegatedAdministrators sets the DelegatedAdministrators field's value. 20690 func (s *ListDelegatedAdministratorsOutput) SetDelegatedAdministrators(v []*DelegatedAdministrator) *ListDelegatedAdministratorsOutput { 20691 s.DelegatedAdministrators = v 20692 return s 20693 } 20694 20695 // SetNextToken sets the NextToken field's value. 20696 func (s *ListDelegatedAdministratorsOutput) SetNextToken(v string) *ListDelegatedAdministratorsOutput { 20697 s.NextToken = &v 20698 return s 20699 } 20700 20701 type ListDelegatedServicesForAccountInput struct { 20702 _ struct{} `type:"structure"` 20703 20704 // The account ID number of a delegated administrator account in the organization. 20705 // 20706 // AccountId is a required field 20707 AccountId *string `type:"string" required:"true"` 20708 20709 // The total number of results that you want included on each page of the response. 20710 // If you do not include this parameter, it defaults to a value that is specific 20711 // to the operation. If additional items exist beyond the maximum you specify, 20712 // the NextToken response element is present and has a value (is not null). 20713 // Include that value as the NextToken request parameter in the next call to 20714 // the operation to get the next part of the results. Note that Organizations 20715 // might return fewer results than the maximum even when there are more results 20716 // available. You should check NextToken after every operation to ensure that 20717 // you receive all of the results. 20718 MaxResults *int64 `min:"1" type:"integer"` 20719 20720 // The parameter for receiving additional results if you receive a NextToken 20721 // response in a previous request. A NextToken response indicates that more 20722 // output is available. Set this parameter to the value of the previous call's 20723 // NextToken response to indicate where the output should continue from. 20724 NextToken *string `type:"string"` 20725 } 20726 20727 // String returns the string representation. 20728 // 20729 // API parameter values that are decorated as "sensitive" in the API will not 20730 // be included in the string output. The member name will be present, but the 20731 // value will be replaced with "sensitive". 20732 func (s ListDelegatedServicesForAccountInput) String() string { 20733 return awsutil.Prettify(s) 20734 } 20735 20736 // GoString returns the string representation. 20737 // 20738 // API parameter values that are decorated as "sensitive" in the API will not 20739 // be included in the string output. The member name will be present, but the 20740 // value will be replaced with "sensitive". 20741 func (s ListDelegatedServicesForAccountInput) GoString() string { 20742 return s.String() 20743 } 20744 20745 // Validate inspects the fields of the type to determine if they are valid. 20746 func (s *ListDelegatedServicesForAccountInput) Validate() error { 20747 invalidParams := request.ErrInvalidParams{Context: "ListDelegatedServicesForAccountInput"} 20748 if s.AccountId == nil { 20749 invalidParams.Add(request.NewErrParamRequired("AccountId")) 20750 } 20751 if s.MaxResults != nil && *s.MaxResults < 1 { 20752 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 20753 } 20754 20755 if invalidParams.Len() > 0 { 20756 return invalidParams 20757 } 20758 return nil 20759 } 20760 20761 // SetAccountId sets the AccountId field's value. 20762 func (s *ListDelegatedServicesForAccountInput) SetAccountId(v string) *ListDelegatedServicesForAccountInput { 20763 s.AccountId = &v 20764 return s 20765 } 20766 20767 // SetMaxResults sets the MaxResults field's value. 20768 func (s *ListDelegatedServicesForAccountInput) SetMaxResults(v int64) *ListDelegatedServicesForAccountInput { 20769 s.MaxResults = &v 20770 return s 20771 } 20772 20773 // SetNextToken sets the NextToken field's value. 20774 func (s *ListDelegatedServicesForAccountInput) SetNextToken(v string) *ListDelegatedServicesForAccountInput { 20775 s.NextToken = &v 20776 return s 20777 } 20778 20779 type ListDelegatedServicesForAccountOutput struct { 20780 _ struct{} `type:"structure"` 20781 20782 // The services for which the account is a delegated administrator. 20783 DelegatedServices []*DelegatedService `type:"list"` 20784 20785 // If present, indicates that more output is available than is included in the 20786 // current response. Use this value in the NextToken request parameter in a 20787 // subsequent call to the operation to get the next part of the output. You 20788 // should repeat this until the NextToken response element comes back as null. 20789 NextToken *string `type:"string"` 20790 } 20791 20792 // String returns the string representation. 20793 // 20794 // API parameter values that are decorated as "sensitive" in the API will not 20795 // be included in the string output. The member name will be present, but the 20796 // value will be replaced with "sensitive". 20797 func (s ListDelegatedServicesForAccountOutput) String() string { 20798 return awsutil.Prettify(s) 20799 } 20800 20801 // GoString returns the string representation. 20802 // 20803 // API parameter values that are decorated as "sensitive" in the API will not 20804 // be included in the string output. The member name will be present, but the 20805 // value will be replaced with "sensitive". 20806 func (s ListDelegatedServicesForAccountOutput) GoString() string { 20807 return s.String() 20808 } 20809 20810 // SetDelegatedServices sets the DelegatedServices field's value. 20811 func (s *ListDelegatedServicesForAccountOutput) SetDelegatedServices(v []*DelegatedService) *ListDelegatedServicesForAccountOutput { 20812 s.DelegatedServices = v 20813 return s 20814 } 20815 20816 // SetNextToken sets the NextToken field's value. 20817 func (s *ListDelegatedServicesForAccountOutput) SetNextToken(v string) *ListDelegatedServicesForAccountOutput { 20818 s.NextToken = &v 20819 return s 20820 } 20821 20822 type ListHandshakesForAccountInput struct { 20823 _ struct{} `type:"structure"` 20824 20825 // Filters the handshakes that you want included in the response. The default 20826 // is all types. Use the ActionType element to limit the output to only a specified 20827 // type, such as INVITE, ENABLE_ALL_FEATURES, or APPROVE_ALL_FEATURES. Alternatively, 20828 // for the ENABLE_ALL_FEATURES handshake that generates a separate child handshake 20829 // for each member account, you can specify ParentHandshakeId to see only the 20830 // handshakes that were generated by that parent request. 20831 Filter *HandshakeFilter `type:"structure"` 20832 20833 // The total number of results that you want included on each page of the response. 20834 // If you do not include this parameter, it defaults to a value that is specific 20835 // to the operation. If additional items exist beyond the maximum you specify, 20836 // the NextToken response element is present and has a value (is not null). 20837 // Include that value as the NextToken request parameter in the next call to 20838 // the operation to get the next part of the results. Note that Organizations 20839 // might return fewer results than the maximum even when there are more results 20840 // available. You should check NextToken after every operation to ensure that 20841 // you receive all of the results. 20842 MaxResults *int64 `min:"1" type:"integer"` 20843 20844 // The parameter for receiving additional results if you receive a NextToken 20845 // response in a previous request. A NextToken response indicates that more 20846 // output is available. Set this parameter to the value of the previous call's 20847 // NextToken response to indicate where the output should continue from. 20848 NextToken *string `type:"string"` 20849 } 20850 20851 // String returns the string representation. 20852 // 20853 // API parameter values that are decorated as "sensitive" in the API will not 20854 // be included in the string output. The member name will be present, but the 20855 // value will be replaced with "sensitive". 20856 func (s ListHandshakesForAccountInput) String() string { 20857 return awsutil.Prettify(s) 20858 } 20859 20860 // GoString returns the string representation. 20861 // 20862 // API parameter values that are decorated as "sensitive" in the API will not 20863 // be included in the string output. The member name will be present, but the 20864 // value will be replaced with "sensitive". 20865 func (s ListHandshakesForAccountInput) GoString() string { 20866 return s.String() 20867 } 20868 20869 // Validate inspects the fields of the type to determine if they are valid. 20870 func (s *ListHandshakesForAccountInput) Validate() error { 20871 invalidParams := request.ErrInvalidParams{Context: "ListHandshakesForAccountInput"} 20872 if s.MaxResults != nil && *s.MaxResults < 1 { 20873 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 20874 } 20875 20876 if invalidParams.Len() > 0 { 20877 return invalidParams 20878 } 20879 return nil 20880 } 20881 20882 // SetFilter sets the Filter field's value. 20883 func (s *ListHandshakesForAccountInput) SetFilter(v *HandshakeFilter) *ListHandshakesForAccountInput { 20884 s.Filter = v 20885 return s 20886 } 20887 20888 // SetMaxResults sets the MaxResults field's value. 20889 func (s *ListHandshakesForAccountInput) SetMaxResults(v int64) *ListHandshakesForAccountInput { 20890 s.MaxResults = &v 20891 return s 20892 } 20893 20894 // SetNextToken sets the NextToken field's value. 20895 func (s *ListHandshakesForAccountInput) SetNextToken(v string) *ListHandshakesForAccountInput { 20896 s.NextToken = &v 20897 return s 20898 } 20899 20900 type ListHandshakesForAccountOutput struct { 20901 _ struct{} `type:"structure"` 20902 20903 // A list of Handshake objects with details about each of the handshakes that 20904 // is associated with the specified account. 20905 Handshakes []*Handshake `type:"list"` 20906 20907 // If present, indicates that more output is available than is included in the 20908 // current response. Use this value in the NextToken request parameter in a 20909 // subsequent call to the operation to get the next part of the output. You 20910 // should repeat this until the NextToken response element comes back as null. 20911 NextToken *string `type:"string"` 20912 } 20913 20914 // String returns the string representation. 20915 // 20916 // API parameter values that are decorated as "sensitive" in the API will not 20917 // be included in the string output. The member name will be present, but the 20918 // value will be replaced with "sensitive". 20919 func (s ListHandshakesForAccountOutput) String() string { 20920 return awsutil.Prettify(s) 20921 } 20922 20923 // GoString returns the string representation. 20924 // 20925 // API parameter values that are decorated as "sensitive" in the API will not 20926 // be included in the string output. The member name will be present, but the 20927 // value will be replaced with "sensitive". 20928 func (s ListHandshakesForAccountOutput) GoString() string { 20929 return s.String() 20930 } 20931 20932 // SetHandshakes sets the Handshakes field's value. 20933 func (s *ListHandshakesForAccountOutput) SetHandshakes(v []*Handshake) *ListHandshakesForAccountOutput { 20934 s.Handshakes = v 20935 return s 20936 } 20937 20938 // SetNextToken sets the NextToken field's value. 20939 func (s *ListHandshakesForAccountOutput) SetNextToken(v string) *ListHandshakesForAccountOutput { 20940 s.NextToken = &v 20941 return s 20942 } 20943 20944 type ListHandshakesForOrganizationInput struct { 20945 _ struct{} `type:"structure"` 20946 20947 // A filter of the handshakes that you want included in the response. The default 20948 // is all types. Use the ActionType element to limit the output to only a specified 20949 // type, such as INVITE, ENABLE-ALL-FEATURES, or APPROVE-ALL-FEATURES. Alternatively, 20950 // for the ENABLE-ALL-FEATURES handshake that generates a separate child handshake 20951 // for each member account, you can specify the ParentHandshakeId to see only 20952 // the handshakes that were generated by that parent request. 20953 Filter *HandshakeFilter `type:"structure"` 20954 20955 // The total number of results that you want included on each page of the response. 20956 // If you do not include this parameter, it defaults to a value that is specific 20957 // to the operation. If additional items exist beyond the maximum you specify, 20958 // the NextToken response element is present and has a value (is not null). 20959 // Include that value as the NextToken request parameter in the next call to 20960 // the operation to get the next part of the results. Note that Organizations 20961 // might return fewer results than the maximum even when there are more results 20962 // available. You should check NextToken after every operation to ensure that 20963 // you receive all of the results. 20964 MaxResults *int64 `min:"1" type:"integer"` 20965 20966 // The parameter for receiving additional results if you receive a NextToken 20967 // response in a previous request. A NextToken response indicates that more 20968 // output is available. Set this parameter to the value of the previous call's 20969 // NextToken response to indicate where the output should continue from. 20970 NextToken *string `type:"string"` 20971 } 20972 20973 // String returns the string representation. 20974 // 20975 // API parameter values that are decorated as "sensitive" in the API will not 20976 // be included in the string output. The member name will be present, but the 20977 // value will be replaced with "sensitive". 20978 func (s ListHandshakesForOrganizationInput) String() string { 20979 return awsutil.Prettify(s) 20980 } 20981 20982 // GoString returns the string representation. 20983 // 20984 // API parameter values that are decorated as "sensitive" in the API will not 20985 // be included in the string output. The member name will be present, but the 20986 // value will be replaced with "sensitive". 20987 func (s ListHandshakesForOrganizationInput) GoString() string { 20988 return s.String() 20989 } 20990 20991 // Validate inspects the fields of the type to determine if they are valid. 20992 func (s *ListHandshakesForOrganizationInput) Validate() error { 20993 invalidParams := request.ErrInvalidParams{Context: "ListHandshakesForOrganizationInput"} 20994 if s.MaxResults != nil && *s.MaxResults < 1 { 20995 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 20996 } 20997 20998 if invalidParams.Len() > 0 { 20999 return invalidParams 21000 } 21001 return nil 21002 } 21003 21004 // SetFilter sets the Filter field's value. 21005 func (s *ListHandshakesForOrganizationInput) SetFilter(v *HandshakeFilter) *ListHandshakesForOrganizationInput { 21006 s.Filter = v 21007 return s 21008 } 21009 21010 // SetMaxResults sets the MaxResults field's value. 21011 func (s *ListHandshakesForOrganizationInput) SetMaxResults(v int64) *ListHandshakesForOrganizationInput { 21012 s.MaxResults = &v 21013 return s 21014 } 21015 21016 // SetNextToken sets the NextToken field's value. 21017 func (s *ListHandshakesForOrganizationInput) SetNextToken(v string) *ListHandshakesForOrganizationInput { 21018 s.NextToken = &v 21019 return s 21020 } 21021 21022 type ListHandshakesForOrganizationOutput struct { 21023 _ struct{} `type:"structure"` 21024 21025 // A list of Handshake objects with details about each of the handshakes that 21026 // are associated with an organization. 21027 Handshakes []*Handshake `type:"list"` 21028 21029 // If present, indicates that more output is available than is included in the 21030 // current response. Use this value in the NextToken request parameter in a 21031 // subsequent call to the operation to get the next part of the output. You 21032 // should repeat this until the NextToken response element comes back as null. 21033 NextToken *string `type:"string"` 21034 } 21035 21036 // String returns the string representation. 21037 // 21038 // API parameter values that are decorated as "sensitive" in the API will not 21039 // be included in the string output. The member name will be present, but the 21040 // value will be replaced with "sensitive". 21041 func (s ListHandshakesForOrganizationOutput) String() string { 21042 return awsutil.Prettify(s) 21043 } 21044 21045 // GoString returns the string representation. 21046 // 21047 // API parameter values that are decorated as "sensitive" in the API will not 21048 // be included in the string output. The member name will be present, but the 21049 // value will be replaced with "sensitive". 21050 func (s ListHandshakesForOrganizationOutput) GoString() string { 21051 return s.String() 21052 } 21053 21054 // SetHandshakes sets the Handshakes field's value. 21055 func (s *ListHandshakesForOrganizationOutput) SetHandshakes(v []*Handshake) *ListHandshakesForOrganizationOutput { 21056 s.Handshakes = v 21057 return s 21058 } 21059 21060 // SetNextToken sets the NextToken field's value. 21061 func (s *ListHandshakesForOrganizationOutput) SetNextToken(v string) *ListHandshakesForOrganizationOutput { 21062 s.NextToken = &v 21063 return s 21064 } 21065 21066 type ListOrganizationalUnitsForParentInput struct { 21067 _ struct{} `type:"structure"` 21068 21069 // The total number of results that you want included on each page of the response. 21070 // If you do not include this parameter, it defaults to a value that is specific 21071 // to the operation. If additional items exist beyond the maximum you specify, 21072 // the NextToken response element is present and has a value (is not null). 21073 // Include that value as the NextToken request parameter in the next call to 21074 // the operation to get the next part of the results. Note that Organizations 21075 // might return fewer results than the maximum even when there are more results 21076 // available. You should check NextToken after every operation to ensure that 21077 // you receive all of the results. 21078 MaxResults *int64 `min:"1" type:"integer"` 21079 21080 // The parameter for receiving additional results if you receive a NextToken 21081 // response in a previous request. A NextToken response indicates that more 21082 // output is available. Set this parameter to the value of the previous call's 21083 // NextToken response to indicate where the output should continue from. 21084 NextToken *string `type:"string"` 21085 21086 // The unique identifier (ID) of the root or OU whose child OUs you want to 21087 // list. 21088 // 21089 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 21090 // requires one of the following: 21091 // 21092 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 21093 // letters or digits. 21094 // 21095 // * Organizational unit (OU) - A string that begins with "ou-" followed 21096 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 21097 // OU is in). This string is followed by a second "-" dash and from 8 to 21098 // 32 additional lowercase letters or digits. 21099 // 21100 // ParentId is a required field 21101 ParentId *string `type:"string" required:"true"` 21102 } 21103 21104 // String returns the string representation. 21105 // 21106 // API parameter values that are decorated as "sensitive" in the API will not 21107 // be included in the string output. The member name will be present, but the 21108 // value will be replaced with "sensitive". 21109 func (s ListOrganizationalUnitsForParentInput) String() string { 21110 return awsutil.Prettify(s) 21111 } 21112 21113 // GoString returns the string representation. 21114 // 21115 // API parameter values that are decorated as "sensitive" in the API will not 21116 // be included in the string output. The member name will be present, but the 21117 // value will be replaced with "sensitive". 21118 func (s ListOrganizationalUnitsForParentInput) GoString() string { 21119 return s.String() 21120 } 21121 21122 // Validate inspects the fields of the type to determine if they are valid. 21123 func (s *ListOrganizationalUnitsForParentInput) Validate() error { 21124 invalidParams := request.ErrInvalidParams{Context: "ListOrganizationalUnitsForParentInput"} 21125 if s.MaxResults != nil && *s.MaxResults < 1 { 21126 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 21127 } 21128 if s.ParentId == nil { 21129 invalidParams.Add(request.NewErrParamRequired("ParentId")) 21130 } 21131 21132 if invalidParams.Len() > 0 { 21133 return invalidParams 21134 } 21135 return nil 21136 } 21137 21138 // SetMaxResults sets the MaxResults field's value. 21139 func (s *ListOrganizationalUnitsForParentInput) SetMaxResults(v int64) *ListOrganizationalUnitsForParentInput { 21140 s.MaxResults = &v 21141 return s 21142 } 21143 21144 // SetNextToken sets the NextToken field's value. 21145 func (s *ListOrganizationalUnitsForParentInput) SetNextToken(v string) *ListOrganizationalUnitsForParentInput { 21146 s.NextToken = &v 21147 return s 21148 } 21149 21150 // SetParentId sets the ParentId field's value. 21151 func (s *ListOrganizationalUnitsForParentInput) SetParentId(v string) *ListOrganizationalUnitsForParentInput { 21152 s.ParentId = &v 21153 return s 21154 } 21155 21156 type ListOrganizationalUnitsForParentOutput struct { 21157 _ struct{} `type:"structure"` 21158 21159 // If present, indicates that more output is available than is included in the 21160 // current response. Use this value in the NextToken request parameter in a 21161 // subsequent call to the operation to get the next part of the output. You 21162 // should repeat this until the NextToken response element comes back as null. 21163 NextToken *string `type:"string"` 21164 21165 // A list of the OUs in the specified root or parent OU. 21166 OrganizationalUnits []*OrganizationalUnit `type:"list"` 21167 } 21168 21169 // String returns the string representation. 21170 // 21171 // API parameter values that are decorated as "sensitive" in the API will not 21172 // be included in the string output. The member name will be present, but the 21173 // value will be replaced with "sensitive". 21174 func (s ListOrganizationalUnitsForParentOutput) String() string { 21175 return awsutil.Prettify(s) 21176 } 21177 21178 // GoString returns the string representation. 21179 // 21180 // API parameter values that are decorated as "sensitive" in the API will not 21181 // be included in the string output. The member name will be present, but the 21182 // value will be replaced with "sensitive". 21183 func (s ListOrganizationalUnitsForParentOutput) GoString() string { 21184 return s.String() 21185 } 21186 21187 // SetNextToken sets the NextToken field's value. 21188 func (s *ListOrganizationalUnitsForParentOutput) SetNextToken(v string) *ListOrganizationalUnitsForParentOutput { 21189 s.NextToken = &v 21190 return s 21191 } 21192 21193 // SetOrganizationalUnits sets the OrganizationalUnits field's value. 21194 func (s *ListOrganizationalUnitsForParentOutput) SetOrganizationalUnits(v []*OrganizationalUnit) *ListOrganizationalUnitsForParentOutput { 21195 s.OrganizationalUnits = v 21196 return s 21197 } 21198 21199 type ListParentsInput struct { 21200 _ struct{} `type:"structure"` 21201 21202 // The unique identifier (ID) of the OU or account whose parent containers you 21203 // want to list. Don't specify a root. 21204 // 21205 // The regex pattern (http://wikipedia.org/wiki/regex) for a child ID string 21206 // requires one of the following: 21207 // 21208 // * Account - A string that consists of exactly 12 digits. 21209 // 21210 // * Organizational unit (OU) - A string that begins with "ou-" followed 21211 // by from 4 to 32 lowercase letters or digits (the ID of the root that contains 21212 // the OU). This string is followed by a second "-" dash and from 8 to 32 21213 // additional lowercase letters or digits. 21214 // 21215 // ChildId is a required field 21216 ChildId *string `type:"string" required:"true"` 21217 21218 // The total number of results that you want included on each page of the response. 21219 // If you do not include this parameter, it defaults to a value that is specific 21220 // to the operation. If additional items exist beyond the maximum you specify, 21221 // the NextToken response element is present and has a value (is not null). 21222 // Include that value as the NextToken request parameter in the next call to 21223 // the operation to get the next part of the results. Note that Organizations 21224 // might return fewer results than the maximum even when there are more results 21225 // available. You should check NextToken after every operation to ensure that 21226 // you receive all of the results. 21227 MaxResults *int64 `min:"1" type:"integer"` 21228 21229 // The parameter for receiving additional results if you receive a NextToken 21230 // response in a previous request. A NextToken response indicates that more 21231 // output is available. Set this parameter to the value of the previous call's 21232 // NextToken response to indicate where the output should continue from. 21233 NextToken *string `type:"string"` 21234 } 21235 21236 // String returns the string representation. 21237 // 21238 // API parameter values that are decorated as "sensitive" in the API will not 21239 // be included in the string output. The member name will be present, but the 21240 // value will be replaced with "sensitive". 21241 func (s ListParentsInput) String() string { 21242 return awsutil.Prettify(s) 21243 } 21244 21245 // GoString returns the string representation. 21246 // 21247 // API parameter values that are decorated as "sensitive" in the API will not 21248 // be included in the string output. The member name will be present, but the 21249 // value will be replaced with "sensitive". 21250 func (s ListParentsInput) GoString() string { 21251 return s.String() 21252 } 21253 21254 // Validate inspects the fields of the type to determine if they are valid. 21255 func (s *ListParentsInput) Validate() error { 21256 invalidParams := request.ErrInvalidParams{Context: "ListParentsInput"} 21257 if s.ChildId == nil { 21258 invalidParams.Add(request.NewErrParamRequired("ChildId")) 21259 } 21260 if s.MaxResults != nil && *s.MaxResults < 1 { 21261 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 21262 } 21263 21264 if invalidParams.Len() > 0 { 21265 return invalidParams 21266 } 21267 return nil 21268 } 21269 21270 // SetChildId sets the ChildId field's value. 21271 func (s *ListParentsInput) SetChildId(v string) *ListParentsInput { 21272 s.ChildId = &v 21273 return s 21274 } 21275 21276 // SetMaxResults sets the MaxResults field's value. 21277 func (s *ListParentsInput) SetMaxResults(v int64) *ListParentsInput { 21278 s.MaxResults = &v 21279 return s 21280 } 21281 21282 // SetNextToken sets the NextToken field's value. 21283 func (s *ListParentsInput) SetNextToken(v string) *ListParentsInput { 21284 s.NextToken = &v 21285 return s 21286 } 21287 21288 type ListParentsOutput struct { 21289 _ struct{} `type:"structure"` 21290 21291 // If present, indicates that more output is available than is included in the 21292 // current response. Use this value in the NextToken request parameter in a 21293 // subsequent call to the operation to get the next part of the output. You 21294 // should repeat this until the NextToken response element comes back as null. 21295 NextToken *string `type:"string"` 21296 21297 // A list of parents for the specified child account or OU. 21298 Parents []*Parent `type:"list"` 21299 } 21300 21301 // String returns the string representation. 21302 // 21303 // API parameter values that are decorated as "sensitive" in the API will not 21304 // be included in the string output. The member name will be present, but the 21305 // value will be replaced with "sensitive". 21306 func (s ListParentsOutput) String() string { 21307 return awsutil.Prettify(s) 21308 } 21309 21310 // GoString returns the string representation. 21311 // 21312 // API parameter values that are decorated as "sensitive" in the API will not 21313 // be included in the string output. The member name will be present, but the 21314 // value will be replaced with "sensitive". 21315 func (s ListParentsOutput) GoString() string { 21316 return s.String() 21317 } 21318 21319 // SetNextToken sets the NextToken field's value. 21320 func (s *ListParentsOutput) SetNextToken(v string) *ListParentsOutput { 21321 s.NextToken = &v 21322 return s 21323 } 21324 21325 // SetParents sets the Parents field's value. 21326 func (s *ListParentsOutput) SetParents(v []*Parent) *ListParentsOutput { 21327 s.Parents = v 21328 return s 21329 } 21330 21331 type ListPoliciesForTargetInput struct { 21332 _ struct{} `type:"structure"` 21333 21334 // The type of policy that you want to include in the returned list. You must 21335 // specify one of the following values: 21336 // 21337 // * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html) 21338 // 21339 // * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html) 21340 // 21341 // * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) 21342 // 21343 // * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) 21344 // 21345 // Filter is a required field 21346 Filter *string `type:"string" required:"true" enum:"PolicyType"` 21347 21348 // The total number of results that you want included on each page of the response. 21349 // If you do not include this parameter, it defaults to a value that is specific 21350 // to the operation. If additional items exist beyond the maximum you specify, 21351 // the NextToken response element is present and has a value (is not null). 21352 // Include that value as the NextToken request parameter in the next call to 21353 // the operation to get the next part of the results. Note that Organizations 21354 // might return fewer results than the maximum even when there are more results 21355 // available. You should check NextToken after every operation to ensure that 21356 // you receive all of the results. 21357 MaxResults *int64 `min:"1" type:"integer"` 21358 21359 // The parameter for receiving additional results if you receive a NextToken 21360 // response in a previous request. A NextToken response indicates that more 21361 // output is available. Set this parameter to the value of the previous call's 21362 // NextToken response to indicate where the output should continue from. 21363 NextToken *string `type:"string"` 21364 21365 // The unique identifier (ID) of the root, organizational unit, or account whose 21366 // policies you want to list. 21367 // 21368 // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string 21369 // requires one of the following: 21370 // 21371 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 21372 // letters or digits. 21373 // 21374 // * Account - A string that consists of exactly 12 digits. 21375 // 21376 // * Organizational unit (OU) - A string that begins with "ou-" followed 21377 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 21378 // OU is in). This string is followed by a second "-" dash and from 8 to 21379 // 32 additional lowercase letters or digits. 21380 // 21381 // TargetId is a required field 21382 TargetId *string `type:"string" required:"true"` 21383 } 21384 21385 // String returns the string representation. 21386 // 21387 // API parameter values that are decorated as "sensitive" in the API will not 21388 // be included in the string output. The member name will be present, but the 21389 // value will be replaced with "sensitive". 21390 func (s ListPoliciesForTargetInput) String() string { 21391 return awsutil.Prettify(s) 21392 } 21393 21394 // GoString returns the string representation. 21395 // 21396 // API parameter values that are decorated as "sensitive" in the API will not 21397 // be included in the string output. The member name will be present, but the 21398 // value will be replaced with "sensitive". 21399 func (s ListPoliciesForTargetInput) GoString() string { 21400 return s.String() 21401 } 21402 21403 // Validate inspects the fields of the type to determine if they are valid. 21404 func (s *ListPoliciesForTargetInput) Validate() error { 21405 invalidParams := request.ErrInvalidParams{Context: "ListPoliciesForTargetInput"} 21406 if s.Filter == nil { 21407 invalidParams.Add(request.NewErrParamRequired("Filter")) 21408 } 21409 if s.MaxResults != nil && *s.MaxResults < 1 { 21410 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 21411 } 21412 if s.TargetId == nil { 21413 invalidParams.Add(request.NewErrParamRequired("TargetId")) 21414 } 21415 21416 if invalidParams.Len() > 0 { 21417 return invalidParams 21418 } 21419 return nil 21420 } 21421 21422 // SetFilter sets the Filter field's value. 21423 func (s *ListPoliciesForTargetInput) SetFilter(v string) *ListPoliciesForTargetInput { 21424 s.Filter = &v 21425 return s 21426 } 21427 21428 // SetMaxResults sets the MaxResults field's value. 21429 func (s *ListPoliciesForTargetInput) SetMaxResults(v int64) *ListPoliciesForTargetInput { 21430 s.MaxResults = &v 21431 return s 21432 } 21433 21434 // SetNextToken sets the NextToken field's value. 21435 func (s *ListPoliciesForTargetInput) SetNextToken(v string) *ListPoliciesForTargetInput { 21436 s.NextToken = &v 21437 return s 21438 } 21439 21440 // SetTargetId sets the TargetId field's value. 21441 func (s *ListPoliciesForTargetInput) SetTargetId(v string) *ListPoliciesForTargetInput { 21442 s.TargetId = &v 21443 return s 21444 } 21445 21446 type ListPoliciesForTargetOutput struct { 21447 _ struct{} `type:"structure"` 21448 21449 // If present, indicates that more output is available than is included in the 21450 // current response. Use this value in the NextToken request parameter in a 21451 // subsequent call to the operation to get the next part of the output. You 21452 // should repeat this until the NextToken response element comes back as null. 21453 NextToken *string `type:"string"` 21454 21455 // The list of policies that match the criteria in the request. 21456 Policies []*PolicySummary `type:"list"` 21457 } 21458 21459 // String returns the string representation. 21460 // 21461 // API parameter values that are decorated as "sensitive" in the API will not 21462 // be included in the string output. The member name will be present, but the 21463 // value will be replaced with "sensitive". 21464 func (s ListPoliciesForTargetOutput) String() string { 21465 return awsutil.Prettify(s) 21466 } 21467 21468 // GoString returns the string representation. 21469 // 21470 // API parameter values that are decorated as "sensitive" in the API will not 21471 // be included in the string output. The member name will be present, but the 21472 // value will be replaced with "sensitive". 21473 func (s ListPoliciesForTargetOutput) GoString() string { 21474 return s.String() 21475 } 21476 21477 // SetNextToken sets the NextToken field's value. 21478 func (s *ListPoliciesForTargetOutput) SetNextToken(v string) *ListPoliciesForTargetOutput { 21479 s.NextToken = &v 21480 return s 21481 } 21482 21483 // SetPolicies sets the Policies field's value. 21484 func (s *ListPoliciesForTargetOutput) SetPolicies(v []*PolicySummary) *ListPoliciesForTargetOutput { 21485 s.Policies = v 21486 return s 21487 } 21488 21489 type ListPoliciesInput struct { 21490 _ struct{} `type:"structure"` 21491 21492 // Specifies the type of policy that you want to include in the response. You 21493 // must specify one of the following values: 21494 // 21495 // * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html) 21496 // 21497 // * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html) 21498 // 21499 // * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) 21500 // 21501 // * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html) 21502 // 21503 // Filter is a required field 21504 Filter *string `type:"string" required:"true" enum:"PolicyType"` 21505 21506 // The total number of results that you want included on each page of the response. 21507 // If you do not include this parameter, it defaults to a value that is specific 21508 // to the operation. If additional items exist beyond the maximum you specify, 21509 // the NextToken response element is present and has a value (is not null). 21510 // Include that value as the NextToken request parameter in the next call to 21511 // the operation to get the next part of the results. Note that Organizations 21512 // might return fewer results than the maximum even when there are more results 21513 // available. You should check NextToken after every operation to ensure that 21514 // you receive all of the results. 21515 MaxResults *int64 `min:"1" type:"integer"` 21516 21517 // The parameter for receiving additional results if you receive a NextToken 21518 // response in a previous request. A NextToken response indicates that more 21519 // output is available. Set this parameter to the value of the previous call's 21520 // NextToken response to indicate where the output should continue from. 21521 NextToken *string `type:"string"` 21522 } 21523 21524 // String returns the string representation. 21525 // 21526 // API parameter values that are decorated as "sensitive" in the API will not 21527 // be included in the string output. The member name will be present, but the 21528 // value will be replaced with "sensitive". 21529 func (s ListPoliciesInput) String() string { 21530 return awsutil.Prettify(s) 21531 } 21532 21533 // GoString returns the string representation. 21534 // 21535 // API parameter values that are decorated as "sensitive" in the API will not 21536 // be included in the string output. The member name will be present, but the 21537 // value will be replaced with "sensitive". 21538 func (s ListPoliciesInput) GoString() string { 21539 return s.String() 21540 } 21541 21542 // Validate inspects the fields of the type to determine if they are valid. 21543 func (s *ListPoliciesInput) Validate() error { 21544 invalidParams := request.ErrInvalidParams{Context: "ListPoliciesInput"} 21545 if s.Filter == nil { 21546 invalidParams.Add(request.NewErrParamRequired("Filter")) 21547 } 21548 if s.MaxResults != nil && *s.MaxResults < 1 { 21549 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 21550 } 21551 21552 if invalidParams.Len() > 0 { 21553 return invalidParams 21554 } 21555 return nil 21556 } 21557 21558 // SetFilter sets the Filter field's value. 21559 func (s *ListPoliciesInput) SetFilter(v string) *ListPoliciesInput { 21560 s.Filter = &v 21561 return s 21562 } 21563 21564 // SetMaxResults sets the MaxResults field's value. 21565 func (s *ListPoliciesInput) SetMaxResults(v int64) *ListPoliciesInput { 21566 s.MaxResults = &v 21567 return s 21568 } 21569 21570 // SetNextToken sets the NextToken field's value. 21571 func (s *ListPoliciesInput) SetNextToken(v string) *ListPoliciesInput { 21572 s.NextToken = &v 21573 return s 21574 } 21575 21576 type ListPoliciesOutput struct { 21577 _ struct{} `type:"structure"` 21578 21579 // If present, indicates that more output is available than is included in the 21580 // current response. Use this value in the NextToken request parameter in a 21581 // subsequent call to the operation to get the next part of the output. You 21582 // should repeat this until the NextToken response element comes back as null. 21583 NextToken *string `type:"string"` 21584 21585 // A list of policies that match the filter criteria in the request. The output 21586 // list doesn't include the policy contents. To see the content for a policy, 21587 // see DescribePolicy. 21588 Policies []*PolicySummary `type:"list"` 21589 } 21590 21591 // String returns the string representation. 21592 // 21593 // API parameter values that are decorated as "sensitive" in the API will not 21594 // be included in the string output. The member name will be present, but the 21595 // value will be replaced with "sensitive". 21596 func (s ListPoliciesOutput) String() string { 21597 return awsutil.Prettify(s) 21598 } 21599 21600 // GoString returns the string representation. 21601 // 21602 // API parameter values that are decorated as "sensitive" in the API will not 21603 // be included in the string output. The member name will be present, but the 21604 // value will be replaced with "sensitive". 21605 func (s ListPoliciesOutput) GoString() string { 21606 return s.String() 21607 } 21608 21609 // SetNextToken sets the NextToken field's value. 21610 func (s *ListPoliciesOutput) SetNextToken(v string) *ListPoliciesOutput { 21611 s.NextToken = &v 21612 return s 21613 } 21614 21615 // SetPolicies sets the Policies field's value. 21616 func (s *ListPoliciesOutput) SetPolicies(v []*PolicySummary) *ListPoliciesOutput { 21617 s.Policies = v 21618 return s 21619 } 21620 21621 type ListRootsInput struct { 21622 _ struct{} `type:"structure"` 21623 21624 // The total number of results that you want included on each page of the response. 21625 // If you do not include this parameter, it defaults to a value that is specific 21626 // to the operation. If additional items exist beyond the maximum you specify, 21627 // the NextToken response element is present and has a value (is not null). 21628 // Include that value as the NextToken request parameter in the next call to 21629 // the operation to get the next part of the results. Note that Organizations 21630 // might return fewer results than the maximum even when there are more results 21631 // available. You should check NextToken after every operation to ensure that 21632 // you receive all of the results. 21633 MaxResults *int64 `min:"1" type:"integer"` 21634 21635 // The parameter for receiving additional results if you receive a NextToken 21636 // response in a previous request. A NextToken response indicates that more 21637 // output is available. Set this parameter to the value of the previous call's 21638 // NextToken response to indicate where the output should continue from. 21639 NextToken *string `type:"string"` 21640 } 21641 21642 // String returns the string representation. 21643 // 21644 // API parameter values that are decorated as "sensitive" in the API will not 21645 // be included in the string output. The member name will be present, but the 21646 // value will be replaced with "sensitive". 21647 func (s ListRootsInput) String() string { 21648 return awsutil.Prettify(s) 21649 } 21650 21651 // GoString returns the string representation. 21652 // 21653 // API parameter values that are decorated as "sensitive" in the API will not 21654 // be included in the string output. The member name will be present, but the 21655 // value will be replaced with "sensitive". 21656 func (s ListRootsInput) GoString() string { 21657 return s.String() 21658 } 21659 21660 // Validate inspects the fields of the type to determine if they are valid. 21661 func (s *ListRootsInput) Validate() error { 21662 invalidParams := request.ErrInvalidParams{Context: "ListRootsInput"} 21663 if s.MaxResults != nil && *s.MaxResults < 1 { 21664 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 21665 } 21666 21667 if invalidParams.Len() > 0 { 21668 return invalidParams 21669 } 21670 return nil 21671 } 21672 21673 // SetMaxResults sets the MaxResults field's value. 21674 func (s *ListRootsInput) SetMaxResults(v int64) *ListRootsInput { 21675 s.MaxResults = &v 21676 return s 21677 } 21678 21679 // SetNextToken sets the NextToken field's value. 21680 func (s *ListRootsInput) SetNextToken(v string) *ListRootsInput { 21681 s.NextToken = &v 21682 return s 21683 } 21684 21685 type ListRootsOutput struct { 21686 _ struct{} `type:"structure"` 21687 21688 // If present, indicates that more output is available than is included in the 21689 // current response. Use this value in the NextToken request parameter in a 21690 // subsequent call to the operation to get the next part of the output. You 21691 // should repeat this until the NextToken response element comes back as null. 21692 NextToken *string `type:"string"` 21693 21694 // A list of roots that are defined in an organization. 21695 Roots []*Root `type:"list"` 21696 } 21697 21698 // String returns the string representation. 21699 // 21700 // API parameter values that are decorated as "sensitive" in the API will not 21701 // be included in the string output. The member name will be present, but the 21702 // value will be replaced with "sensitive". 21703 func (s ListRootsOutput) String() string { 21704 return awsutil.Prettify(s) 21705 } 21706 21707 // GoString returns the string representation. 21708 // 21709 // API parameter values that are decorated as "sensitive" in the API will not 21710 // be included in the string output. The member name will be present, but the 21711 // value will be replaced with "sensitive". 21712 func (s ListRootsOutput) GoString() string { 21713 return s.String() 21714 } 21715 21716 // SetNextToken sets the NextToken field's value. 21717 func (s *ListRootsOutput) SetNextToken(v string) *ListRootsOutput { 21718 s.NextToken = &v 21719 return s 21720 } 21721 21722 // SetRoots sets the Roots field's value. 21723 func (s *ListRootsOutput) SetRoots(v []*Root) *ListRootsOutput { 21724 s.Roots = v 21725 return s 21726 } 21727 21728 type ListTagsForResourceInput struct { 21729 _ struct{} `type:"structure"` 21730 21731 // The parameter for receiving additional results if you receive a NextToken 21732 // response in a previous request. A NextToken response indicates that more 21733 // output is available. Set this parameter to the value of the previous call's 21734 // NextToken response to indicate where the output should continue from. 21735 NextToken *string `type:"string"` 21736 21737 // The ID of the resource with the tags to list. 21738 // 21739 // You can specify any of the following taggable resources. 21740 // 21741 // * AWS account – specify the account ID number. 21742 // 21743 // * Organizational unit – specify the OU ID that begins with ou- and looks 21744 // similar to: ou-1a2b-34uvwxyz 21745 // 21746 // * Root – specify the root ID that begins with r- and looks similar to: 21747 // r-1a2b 21748 // 21749 // * Policy – specify the policy ID that begins with p- andlooks similar 21750 // to: p-12abcdefg3 21751 // 21752 // ResourceId is a required field 21753 ResourceId *string `type:"string" required:"true"` 21754 } 21755 21756 // String returns the string representation. 21757 // 21758 // API parameter values that are decorated as "sensitive" in the API will not 21759 // be included in the string output. The member name will be present, but the 21760 // value will be replaced with "sensitive". 21761 func (s ListTagsForResourceInput) String() string { 21762 return awsutil.Prettify(s) 21763 } 21764 21765 // GoString returns the string representation. 21766 // 21767 // API parameter values that are decorated as "sensitive" in the API will not 21768 // be included in the string output. The member name will be present, but the 21769 // value will be replaced with "sensitive". 21770 func (s ListTagsForResourceInput) GoString() string { 21771 return s.String() 21772 } 21773 21774 // Validate inspects the fields of the type to determine if they are valid. 21775 func (s *ListTagsForResourceInput) Validate() error { 21776 invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"} 21777 if s.ResourceId == nil { 21778 invalidParams.Add(request.NewErrParamRequired("ResourceId")) 21779 } 21780 21781 if invalidParams.Len() > 0 { 21782 return invalidParams 21783 } 21784 return nil 21785 } 21786 21787 // SetNextToken sets the NextToken field's value. 21788 func (s *ListTagsForResourceInput) SetNextToken(v string) *ListTagsForResourceInput { 21789 s.NextToken = &v 21790 return s 21791 } 21792 21793 // SetResourceId sets the ResourceId field's value. 21794 func (s *ListTagsForResourceInput) SetResourceId(v string) *ListTagsForResourceInput { 21795 s.ResourceId = &v 21796 return s 21797 } 21798 21799 type ListTagsForResourceOutput struct { 21800 _ struct{} `type:"structure"` 21801 21802 // If present, indicates that more output is available than is included in the 21803 // current response. Use this value in the NextToken request parameter in a 21804 // subsequent call to the operation to get the next part of the output. You 21805 // should repeat this until the NextToken response element comes back as null. 21806 NextToken *string `type:"string"` 21807 21808 // The tags that are assigned to the resource. 21809 Tags []*Tag `type:"list"` 21810 } 21811 21812 // String returns the string representation. 21813 // 21814 // API parameter values that are decorated as "sensitive" in the API will not 21815 // be included in the string output. The member name will be present, but the 21816 // value will be replaced with "sensitive". 21817 func (s ListTagsForResourceOutput) String() string { 21818 return awsutil.Prettify(s) 21819 } 21820 21821 // GoString returns the string representation. 21822 // 21823 // API parameter values that are decorated as "sensitive" in the API will not 21824 // be included in the string output. The member name will be present, but the 21825 // value will be replaced with "sensitive". 21826 func (s ListTagsForResourceOutput) GoString() string { 21827 return s.String() 21828 } 21829 21830 // SetNextToken sets the NextToken field's value. 21831 func (s *ListTagsForResourceOutput) SetNextToken(v string) *ListTagsForResourceOutput { 21832 s.NextToken = &v 21833 return s 21834 } 21835 21836 // SetTags sets the Tags field's value. 21837 func (s *ListTagsForResourceOutput) SetTags(v []*Tag) *ListTagsForResourceOutput { 21838 s.Tags = v 21839 return s 21840 } 21841 21842 type ListTargetsForPolicyInput struct { 21843 _ struct{} `type:"structure"` 21844 21845 // The total number of results that you want included on each page of the response. 21846 // If you do not include this parameter, it defaults to a value that is specific 21847 // to the operation. If additional items exist beyond the maximum you specify, 21848 // the NextToken response element is present and has a value (is not null). 21849 // Include that value as the NextToken request parameter in the next call to 21850 // the operation to get the next part of the results. Note that Organizations 21851 // might return fewer results than the maximum even when there are more results 21852 // available. You should check NextToken after every operation to ensure that 21853 // you receive all of the results. 21854 MaxResults *int64 `min:"1" type:"integer"` 21855 21856 // The parameter for receiving additional results if you receive a NextToken 21857 // response in a previous request. A NextToken response indicates that more 21858 // output is available. Set this parameter to the value of the previous call's 21859 // NextToken response to indicate where the output should continue from. 21860 NextToken *string `type:"string"` 21861 21862 // The unique identifier (ID) of the policy whose attachments you want to know. 21863 // 21864 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 21865 // requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, 21866 // or the underscore character (_). 21867 // 21868 // PolicyId is a required field 21869 PolicyId *string `type:"string" required:"true"` 21870 } 21871 21872 // String returns the string representation. 21873 // 21874 // API parameter values that are decorated as "sensitive" in the API will not 21875 // be included in the string output. The member name will be present, but the 21876 // value will be replaced with "sensitive". 21877 func (s ListTargetsForPolicyInput) String() string { 21878 return awsutil.Prettify(s) 21879 } 21880 21881 // GoString returns the string representation. 21882 // 21883 // API parameter values that are decorated as "sensitive" in the API will not 21884 // be included in the string output. The member name will be present, but the 21885 // value will be replaced with "sensitive". 21886 func (s ListTargetsForPolicyInput) GoString() string { 21887 return s.String() 21888 } 21889 21890 // Validate inspects the fields of the type to determine if they are valid. 21891 func (s *ListTargetsForPolicyInput) Validate() error { 21892 invalidParams := request.ErrInvalidParams{Context: "ListTargetsForPolicyInput"} 21893 if s.MaxResults != nil && *s.MaxResults < 1 { 21894 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 21895 } 21896 if s.PolicyId == nil { 21897 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 21898 } 21899 21900 if invalidParams.Len() > 0 { 21901 return invalidParams 21902 } 21903 return nil 21904 } 21905 21906 // SetMaxResults sets the MaxResults field's value. 21907 func (s *ListTargetsForPolicyInput) SetMaxResults(v int64) *ListTargetsForPolicyInput { 21908 s.MaxResults = &v 21909 return s 21910 } 21911 21912 // SetNextToken sets the NextToken field's value. 21913 func (s *ListTargetsForPolicyInput) SetNextToken(v string) *ListTargetsForPolicyInput { 21914 s.NextToken = &v 21915 return s 21916 } 21917 21918 // SetPolicyId sets the PolicyId field's value. 21919 func (s *ListTargetsForPolicyInput) SetPolicyId(v string) *ListTargetsForPolicyInput { 21920 s.PolicyId = &v 21921 return s 21922 } 21923 21924 type ListTargetsForPolicyOutput struct { 21925 _ struct{} `type:"structure"` 21926 21927 // If present, indicates that more output is available than is included in the 21928 // current response. Use this value in the NextToken request parameter in a 21929 // subsequent call to the operation to get the next part of the output. You 21930 // should repeat this until the NextToken response element comes back as null. 21931 NextToken *string `type:"string"` 21932 21933 // A list of structures, each of which contains details about one of the entities 21934 // to which the specified policy is attached. 21935 Targets []*PolicyTargetSummary `type:"list"` 21936 } 21937 21938 // String returns the string representation. 21939 // 21940 // API parameter values that are decorated as "sensitive" in the API will not 21941 // be included in the string output. The member name will be present, but the 21942 // value will be replaced with "sensitive". 21943 func (s ListTargetsForPolicyOutput) String() string { 21944 return awsutil.Prettify(s) 21945 } 21946 21947 // GoString returns the string representation. 21948 // 21949 // API parameter values that are decorated as "sensitive" in the API will not 21950 // be included in the string output. The member name will be present, but the 21951 // value will be replaced with "sensitive". 21952 func (s ListTargetsForPolicyOutput) GoString() string { 21953 return s.String() 21954 } 21955 21956 // SetNextToken sets the NextToken field's value. 21957 func (s *ListTargetsForPolicyOutput) SetNextToken(v string) *ListTargetsForPolicyOutput { 21958 s.NextToken = &v 21959 return s 21960 } 21961 21962 // SetTargets sets the Targets field's value. 21963 func (s *ListTargetsForPolicyOutput) SetTargets(v []*PolicyTargetSummary) *ListTargetsForPolicyOutput { 21964 s.Targets = v 21965 return s 21966 } 21967 21968 // The provided policy document doesn't meet the requirements of the specified 21969 // policy type. For example, the syntax might be incorrect. For details about 21970 // service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) 21971 // in the AWS Organizations User Guide. 21972 type MalformedPolicyDocumentException struct { 21973 _ struct{} `type:"structure"` 21974 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 21975 21976 Message_ *string `locationName:"Message" type:"string"` 21977 } 21978 21979 // String returns the string representation. 21980 // 21981 // API parameter values that are decorated as "sensitive" in the API will not 21982 // be included in the string output. The member name will be present, but the 21983 // value will be replaced with "sensitive". 21984 func (s MalformedPolicyDocumentException) String() string { 21985 return awsutil.Prettify(s) 21986 } 21987 21988 // GoString returns the string representation. 21989 // 21990 // API parameter values that are decorated as "sensitive" in the API will not 21991 // be included in the string output. The member name will be present, but the 21992 // value will be replaced with "sensitive". 21993 func (s MalformedPolicyDocumentException) GoString() string { 21994 return s.String() 21995 } 21996 21997 func newErrorMalformedPolicyDocumentException(v protocol.ResponseMetadata) error { 21998 return &MalformedPolicyDocumentException{ 21999 RespMetadata: v, 22000 } 22001 } 22002 22003 // Code returns the exception type name. 22004 func (s *MalformedPolicyDocumentException) Code() string { 22005 return "MalformedPolicyDocumentException" 22006 } 22007 22008 // Message returns the exception's message. 22009 func (s *MalformedPolicyDocumentException) Message() string { 22010 if s.Message_ != nil { 22011 return *s.Message_ 22012 } 22013 return "" 22014 } 22015 22016 // OrigErr always returns nil, satisfies awserr.Error interface. 22017 func (s *MalformedPolicyDocumentException) OrigErr() error { 22018 return nil 22019 } 22020 22021 func (s *MalformedPolicyDocumentException) Error() string { 22022 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 22023 } 22024 22025 // Status code returns the HTTP status code for the request's response error. 22026 func (s *MalformedPolicyDocumentException) StatusCode() int { 22027 return s.RespMetadata.StatusCode 22028 } 22029 22030 // RequestID returns the service's response RequestID for request. 22031 func (s *MalformedPolicyDocumentException) RequestID() string { 22032 return s.RespMetadata.RequestID 22033 } 22034 22035 // You can't remove a management account from an organization. If you want the 22036 // management account to become a member account in another organization, you 22037 // must first delete the current organization of the management account. 22038 type MasterCannotLeaveOrganizationException struct { 22039 _ struct{} `type:"structure"` 22040 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 22041 22042 Message_ *string `locationName:"Message" type:"string"` 22043 } 22044 22045 // String returns the string representation. 22046 // 22047 // API parameter values that are decorated as "sensitive" in the API will not 22048 // be included in the string output. The member name will be present, but the 22049 // value will be replaced with "sensitive". 22050 func (s MasterCannotLeaveOrganizationException) String() string { 22051 return awsutil.Prettify(s) 22052 } 22053 22054 // GoString returns the string representation. 22055 // 22056 // API parameter values that are decorated as "sensitive" in the API will not 22057 // be included in the string output. The member name will be present, but the 22058 // value will be replaced with "sensitive". 22059 func (s MasterCannotLeaveOrganizationException) GoString() string { 22060 return s.String() 22061 } 22062 22063 func newErrorMasterCannotLeaveOrganizationException(v protocol.ResponseMetadata) error { 22064 return &MasterCannotLeaveOrganizationException{ 22065 RespMetadata: v, 22066 } 22067 } 22068 22069 // Code returns the exception type name. 22070 func (s *MasterCannotLeaveOrganizationException) Code() string { 22071 return "MasterCannotLeaveOrganizationException" 22072 } 22073 22074 // Message returns the exception's message. 22075 func (s *MasterCannotLeaveOrganizationException) Message() string { 22076 if s.Message_ != nil { 22077 return *s.Message_ 22078 } 22079 return "" 22080 } 22081 22082 // OrigErr always returns nil, satisfies awserr.Error interface. 22083 func (s *MasterCannotLeaveOrganizationException) OrigErr() error { 22084 return nil 22085 } 22086 22087 func (s *MasterCannotLeaveOrganizationException) Error() string { 22088 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 22089 } 22090 22091 // Status code returns the HTTP status code for the request's response error. 22092 func (s *MasterCannotLeaveOrganizationException) StatusCode() int { 22093 return s.RespMetadata.StatusCode 22094 } 22095 22096 // RequestID returns the service's response RequestID for request. 22097 func (s *MasterCannotLeaveOrganizationException) RequestID() string { 22098 return s.RespMetadata.RequestID 22099 } 22100 22101 type MoveAccountInput struct { 22102 _ struct{} `type:"structure"` 22103 22104 // The unique identifier (ID) of the account that you want to move. 22105 // 22106 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 22107 // requires exactly 12 digits. 22108 // 22109 // AccountId is a required field 22110 AccountId *string `type:"string" required:"true"` 22111 22112 // The unique identifier (ID) of the root or organizational unit that you want 22113 // to move the account to. 22114 // 22115 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 22116 // requires one of the following: 22117 // 22118 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 22119 // letters or digits. 22120 // 22121 // * Organizational unit (OU) - A string that begins with "ou-" followed 22122 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 22123 // OU is in). This string is followed by a second "-" dash and from 8 to 22124 // 32 additional lowercase letters or digits. 22125 // 22126 // DestinationParentId is a required field 22127 DestinationParentId *string `type:"string" required:"true"` 22128 22129 // The unique identifier (ID) of the root or organizational unit that you want 22130 // to move the account from. 22131 // 22132 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 22133 // requires one of the following: 22134 // 22135 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 22136 // letters or digits. 22137 // 22138 // * Organizational unit (OU) - A string that begins with "ou-" followed 22139 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 22140 // OU is in). This string is followed by a second "-" dash and from 8 to 22141 // 32 additional lowercase letters or digits. 22142 // 22143 // SourceParentId is a required field 22144 SourceParentId *string `type:"string" required:"true"` 22145 } 22146 22147 // String returns the string representation. 22148 // 22149 // API parameter values that are decorated as "sensitive" in the API will not 22150 // be included in the string output. The member name will be present, but the 22151 // value will be replaced with "sensitive". 22152 func (s MoveAccountInput) String() string { 22153 return awsutil.Prettify(s) 22154 } 22155 22156 // GoString returns the string representation. 22157 // 22158 // API parameter values that are decorated as "sensitive" in the API will not 22159 // be included in the string output. The member name will be present, but the 22160 // value will be replaced with "sensitive". 22161 func (s MoveAccountInput) GoString() string { 22162 return s.String() 22163 } 22164 22165 // Validate inspects the fields of the type to determine if they are valid. 22166 func (s *MoveAccountInput) Validate() error { 22167 invalidParams := request.ErrInvalidParams{Context: "MoveAccountInput"} 22168 if s.AccountId == nil { 22169 invalidParams.Add(request.NewErrParamRequired("AccountId")) 22170 } 22171 if s.DestinationParentId == nil { 22172 invalidParams.Add(request.NewErrParamRequired("DestinationParentId")) 22173 } 22174 if s.SourceParentId == nil { 22175 invalidParams.Add(request.NewErrParamRequired("SourceParentId")) 22176 } 22177 22178 if invalidParams.Len() > 0 { 22179 return invalidParams 22180 } 22181 return nil 22182 } 22183 22184 // SetAccountId sets the AccountId field's value. 22185 func (s *MoveAccountInput) SetAccountId(v string) *MoveAccountInput { 22186 s.AccountId = &v 22187 return s 22188 } 22189 22190 // SetDestinationParentId sets the DestinationParentId field's value. 22191 func (s *MoveAccountInput) SetDestinationParentId(v string) *MoveAccountInput { 22192 s.DestinationParentId = &v 22193 return s 22194 } 22195 22196 // SetSourceParentId sets the SourceParentId field's value. 22197 func (s *MoveAccountInput) SetSourceParentId(v string) *MoveAccountInput { 22198 s.SourceParentId = &v 22199 return s 22200 } 22201 22202 type MoveAccountOutput struct { 22203 _ struct{} `type:"structure"` 22204 } 22205 22206 // String returns the string representation. 22207 // 22208 // API parameter values that are decorated as "sensitive" in the API will not 22209 // be included in the string output. The member name will be present, but the 22210 // value will be replaced with "sensitive". 22211 func (s MoveAccountOutput) String() string { 22212 return awsutil.Prettify(s) 22213 } 22214 22215 // GoString returns the string representation. 22216 // 22217 // API parameter values that are decorated as "sensitive" in the API will not 22218 // be included in the string output. The member name will be present, but the 22219 // value will be replaced with "sensitive". 22220 func (s MoveAccountOutput) GoString() string { 22221 return s.String() 22222 } 22223 22224 // Contains details about an organization. An organization is a collection of 22225 // accounts that are centrally managed together using consolidated billing, 22226 // organized hierarchically with organizational units (OUs), and controlled 22227 // with policies . 22228 type Organization struct { 22229 _ struct{} `type:"structure"` 22230 22231 // The Amazon Resource Name (ARN) of an organization. 22232 // 22233 // For more information about ARNs in Organizations, see ARN Formats Supported 22234 // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) 22235 // in the AWS Service Authorization Reference. 22236 Arn *string `type:"string"` 22237 22238 // 22239 // Do not use. This field is deprecated and doesn't provide complete information 22240 // about the policies in your organization. 22241 // 22242 // To determine the policies that are enabled and available for use in your 22243 // organization, use the ListRoots operation instead. 22244 AvailablePolicyTypes []*PolicyTypeSummary `type:"list"` 22245 22246 // Specifies the functionality that currently is available to the organization. 22247 // If set to "ALL", then all features are enabled and policies can be applied 22248 // to accounts in the organization. If set to "CONSOLIDATED_BILLING", then only 22249 // consolidated billing functionality is available. For more information, see 22250 // Enabling All Features in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 22251 // in the AWS Organizations User Guide. 22252 FeatureSet *string `type:"string" enum:"OrganizationFeatureSet"` 22253 22254 // The unique identifier (ID) of an organization. 22255 // 22256 // The regex pattern (http://wikipedia.org/wiki/regex) for an organization ID 22257 // string requires "o-" followed by from 10 to 32 lowercase letters or digits. 22258 Id *string `type:"string"` 22259 22260 // The Amazon Resource Name (ARN) of the account that is designated as the management 22261 // account for the organization. 22262 // 22263 // For more information about ARNs in Organizations, see ARN Formats Supported 22264 // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) 22265 // in the AWS Service Authorization Reference. 22266 MasterAccountArn *string `type:"string"` 22267 22268 // The email address that is associated with the AWS account that is designated 22269 // as the management account for the organization. 22270 // 22271 // MasterAccountEmail is a sensitive parameter and its value will be 22272 // replaced with "sensitive" in string returned by Organization's 22273 // String and GoString methods. 22274 MasterAccountEmail *string `min:"6" type:"string" sensitive:"true"` 22275 22276 // The unique identifier (ID) of the management account of an organization. 22277 // 22278 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 22279 // requires exactly 12 digits. 22280 MasterAccountId *string `type:"string"` 22281 } 22282 22283 // String returns the string representation. 22284 // 22285 // API parameter values that are decorated as "sensitive" in the API will not 22286 // be included in the string output. The member name will be present, but the 22287 // value will be replaced with "sensitive". 22288 func (s Organization) String() string { 22289 return awsutil.Prettify(s) 22290 } 22291 22292 // GoString returns the string representation. 22293 // 22294 // API parameter values that are decorated as "sensitive" in the API will not 22295 // be included in the string output. The member name will be present, but the 22296 // value will be replaced with "sensitive". 22297 func (s Organization) GoString() string { 22298 return s.String() 22299 } 22300 22301 // SetArn sets the Arn field's value. 22302 func (s *Organization) SetArn(v string) *Organization { 22303 s.Arn = &v 22304 return s 22305 } 22306 22307 // SetAvailablePolicyTypes sets the AvailablePolicyTypes field's value. 22308 func (s *Organization) SetAvailablePolicyTypes(v []*PolicyTypeSummary) *Organization { 22309 s.AvailablePolicyTypes = v 22310 return s 22311 } 22312 22313 // SetFeatureSet sets the FeatureSet field's value. 22314 func (s *Organization) SetFeatureSet(v string) *Organization { 22315 s.FeatureSet = &v 22316 return s 22317 } 22318 22319 // SetId sets the Id field's value. 22320 func (s *Organization) SetId(v string) *Organization { 22321 s.Id = &v 22322 return s 22323 } 22324 22325 // SetMasterAccountArn sets the MasterAccountArn field's value. 22326 func (s *Organization) SetMasterAccountArn(v string) *Organization { 22327 s.MasterAccountArn = &v 22328 return s 22329 } 22330 22331 // SetMasterAccountEmail sets the MasterAccountEmail field's value. 22332 func (s *Organization) SetMasterAccountEmail(v string) *Organization { 22333 s.MasterAccountEmail = &v 22334 return s 22335 } 22336 22337 // SetMasterAccountId sets the MasterAccountId field's value. 22338 func (s *Organization) SetMasterAccountId(v string) *Organization { 22339 s.MasterAccountId = &v 22340 return s 22341 } 22342 22343 // The organization isn't empty. To delete an organization, you must first remove 22344 // all accounts except the management account, delete all OUs, and delete all 22345 // policies. 22346 type OrganizationNotEmptyException struct { 22347 _ struct{} `type:"structure"` 22348 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 22349 22350 Message_ *string `locationName:"Message" type:"string"` 22351 } 22352 22353 // String returns the string representation. 22354 // 22355 // API parameter values that are decorated as "sensitive" in the API will not 22356 // be included in the string output. The member name will be present, but the 22357 // value will be replaced with "sensitive". 22358 func (s OrganizationNotEmptyException) String() string { 22359 return awsutil.Prettify(s) 22360 } 22361 22362 // GoString returns the string representation. 22363 // 22364 // API parameter values that are decorated as "sensitive" in the API will not 22365 // be included in the string output. The member name will be present, but the 22366 // value will be replaced with "sensitive". 22367 func (s OrganizationNotEmptyException) GoString() string { 22368 return s.String() 22369 } 22370 22371 func newErrorOrganizationNotEmptyException(v protocol.ResponseMetadata) error { 22372 return &OrganizationNotEmptyException{ 22373 RespMetadata: v, 22374 } 22375 } 22376 22377 // Code returns the exception type name. 22378 func (s *OrganizationNotEmptyException) Code() string { 22379 return "OrganizationNotEmptyException" 22380 } 22381 22382 // Message returns the exception's message. 22383 func (s *OrganizationNotEmptyException) Message() string { 22384 if s.Message_ != nil { 22385 return *s.Message_ 22386 } 22387 return "" 22388 } 22389 22390 // OrigErr always returns nil, satisfies awserr.Error interface. 22391 func (s *OrganizationNotEmptyException) OrigErr() error { 22392 return nil 22393 } 22394 22395 func (s *OrganizationNotEmptyException) Error() string { 22396 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 22397 } 22398 22399 // Status code returns the HTTP status code for the request's response error. 22400 func (s *OrganizationNotEmptyException) StatusCode() int { 22401 return s.RespMetadata.StatusCode 22402 } 22403 22404 // RequestID returns the service's response RequestID for request. 22405 func (s *OrganizationNotEmptyException) RequestID() string { 22406 return s.RespMetadata.RequestID 22407 } 22408 22409 // Contains details about an organizational unit (OU). An OU is a container 22410 // of AWS accounts within a root of an organization. Policies that are attached 22411 // to an OU apply to all accounts contained in that OU and in any child OUs. 22412 type OrganizationalUnit struct { 22413 _ struct{} `type:"structure"` 22414 22415 // The Amazon Resource Name (ARN) of this OU. 22416 // 22417 // For more information about ARNs in Organizations, see ARN Formats Supported 22418 // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) 22419 // in the AWS Service Authorization Reference. 22420 Arn *string `type:"string"` 22421 22422 // The unique identifier (ID) associated with this OU. 22423 // 22424 // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational 22425 // unit ID string requires "ou-" followed by from 4 to 32 lowercase letters 22426 // or digits (the ID of the root that contains the OU). This string is followed 22427 // by a second "-" dash and from 8 to 32 additional lowercase letters or digits. 22428 Id *string `type:"string"` 22429 22430 // The friendly name of this OU. 22431 // 22432 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 22433 // this parameter is a string of any of the characters in the ASCII character 22434 // range. 22435 Name *string `min:"1" type:"string"` 22436 } 22437 22438 // String returns the string representation. 22439 // 22440 // API parameter values that are decorated as "sensitive" in the API will not 22441 // be included in the string output. The member name will be present, but the 22442 // value will be replaced with "sensitive". 22443 func (s OrganizationalUnit) String() string { 22444 return awsutil.Prettify(s) 22445 } 22446 22447 // GoString returns the string representation. 22448 // 22449 // API parameter values that are decorated as "sensitive" in the API will not 22450 // be included in the string output. The member name will be present, but the 22451 // value will be replaced with "sensitive". 22452 func (s OrganizationalUnit) GoString() string { 22453 return s.String() 22454 } 22455 22456 // SetArn sets the Arn field's value. 22457 func (s *OrganizationalUnit) SetArn(v string) *OrganizationalUnit { 22458 s.Arn = &v 22459 return s 22460 } 22461 22462 // SetId sets the Id field's value. 22463 func (s *OrganizationalUnit) SetId(v string) *OrganizationalUnit { 22464 s.Id = &v 22465 return s 22466 } 22467 22468 // SetName sets the Name field's value. 22469 func (s *OrganizationalUnit) SetName(v string) *OrganizationalUnit { 22470 s.Name = &v 22471 return s 22472 } 22473 22474 // The specified OU is not empty. Move all accounts to another root or to other 22475 // OUs, remove all child OUs, and try the operation again. 22476 type OrganizationalUnitNotEmptyException struct { 22477 _ struct{} `type:"structure"` 22478 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 22479 22480 Message_ *string `locationName:"Message" type:"string"` 22481 } 22482 22483 // String returns the string representation. 22484 // 22485 // API parameter values that are decorated as "sensitive" in the API will not 22486 // be included in the string output. The member name will be present, but the 22487 // value will be replaced with "sensitive". 22488 func (s OrganizationalUnitNotEmptyException) String() string { 22489 return awsutil.Prettify(s) 22490 } 22491 22492 // GoString returns the string representation. 22493 // 22494 // API parameter values that are decorated as "sensitive" in the API will not 22495 // be included in the string output. The member name will be present, but the 22496 // value will be replaced with "sensitive". 22497 func (s OrganizationalUnitNotEmptyException) GoString() string { 22498 return s.String() 22499 } 22500 22501 func newErrorOrganizationalUnitNotEmptyException(v protocol.ResponseMetadata) error { 22502 return &OrganizationalUnitNotEmptyException{ 22503 RespMetadata: v, 22504 } 22505 } 22506 22507 // Code returns the exception type name. 22508 func (s *OrganizationalUnitNotEmptyException) Code() string { 22509 return "OrganizationalUnitNotEmptyException" 22510 } 22511 22512 // Message returns the exception's message. 22513 func (s *OrganizationalUnitNotEmptyException) Message() string { 22514 if s.Message_ != nil { 22515 return *s.Message_ 22516 } 22517 return "" 22518 } 22519 22520 // OrigErr always returns nil, satisfies awserr.Error interface. 22521 func (s *OrganizationalUnitNotEmptyException) OrigErr() error { 22522 return nil 22523 } 22524 22525 func (s *OrganizationalUnitNotEmptyException) Error() string { 22526 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 22527 } 22528 22529 // Status code returns the HTTP status code for the request's response error. 22530 func (s *OrganizationalUnitNotEmptyException) StatusCode() int { 22531 return s.RespMetadata.StatusCode 22532 } 22533 22534 // RequestID returns the service's response RequestID for request. 22535 func (s *OrganizationalUnitNotEmptyException) RequestID() string { 22536 return s.RespMetadata.RequestID 22537 } 22538 22539 // We can't find an OU with the OrganizationalUnitId that you specified. 22540 type OrganizationalUnitNotFoundException struct { 22541 _ struct{} `type:"structure"` 22542 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 22543 22544 Message_ *string `locationName:"Message" type:"string"` 22545 } 22546 22547 // String returns the string representation. 22548 // 22549 // API parameter values that are decorated as "sensitive" in the API will not 22550 // be included in the string output. The member name will be present, but the 22551 // value will be replaced with "sensitive". 22552 func (s OrganizationalUnitNotFoundException) String() string { 22553 return awsutil.Prettify(s) 22554 } 22555 22556 // GoString returns the string representation. 22557 // 22558 // API parameter values that are decorated as "sensitive" in the API will not 22559 // be included in the string output. The member name will be present, but the 22560 // value will be replaced with "sensitive". 22561 func (s OrganizationalUnitNotFoundException) GoString() string { 22562 return s.String() 22563 } 22564 22565 func newErrorOrganizationalUnitNotFoundException(v protocol.ResponseMetadata) error { 22566 return &OrganizationalUnitNotFoundException{ 22567 RespMetadata: v, 22568 } 22569 } 22570 22571 // Code returns the exception type name. 22572 func (s *OrganizationalUnitNotFoundException) Code() string { 22573 return "OrganizationalUnitNotFoundException" 22574 } 22575 22576 // Message returns the exception's message. 22577 func (s *OrganizationalUnitNotFoundException) Message() string { 22578 if s.Message_ != nil { 22579 return *s.Message_ 22580 } 22581 return "" 22582 } 22583 22584 // OrigErr always returns nil, satisfies awserr.Error interface. 22585 func (s *OrganizationalUnitNotFoundException) OrigErr() error { 22586 return nil 22587 } 22588 22589 func (s *OrganizationalUnitNotFoundException) Error() string { 22590 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 22591 } 22592 22593 // Status code returns the HTTP status code for the request's response error. 22594 func (s *OrganizationalUnitNotFoundException) StatusCode() int { 22595 return s.RespMetadata.StatusCode 22596 } 22597 22598 // RequestID returns the service's response RequestID for request. 22599 func (s *OrganizationalUnitNotFoundException) RequestID() string { 22600 return s.RespMetadata.RequestID 22601 } 22602 22603 // Contains information about either a root or an organizational unit (OU) that 22604 // can contain OUs or accounts in an organization. 22605 type Parent struct { 22606 _ struct{} `type:"structure"` 22607 22608 // The unique identifier (ID) of the parent entity. 22609 // 22610 // The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string 22611 // requires one of the following: 22612 // 22613 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 22614 // letters or digits. 22615 // 22616 // * Organizational unit (OU) - A string that begins with "ou-" followed 22617 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 22618 // OU is in). This string is followed by a second "-" dash and from 8 to 22619 // 32 additional lowercase letters or digits. 22620 Id *string `type:"string"` 22621 22622 // The type of the parent entity. 22623 Type *string `type:"string" enum:"ParentType"` 22624 } 22625 22626 // String returns the string representation. 22627 // 22628 // API parameter values that are decorated as "sensitive" in the API will not 22629 // be included in the string output. The member name will be present, but the 22630 // value will be replaced with "sensitive". 22631 func (s Parent) String() string { 22632 return awsutil.Prettify(s) 22633 } 22634 22635 // GoString returns the string representation. 22636 // 22637 // API parameter values that are decorated as "sensitive" in the API will not 22638 // be included in the string output. The member name will be present, but the 22639 // value will be replaced with "sensitive". 22640 func (s Parent) GoString() string { 22641 return s.String() 22642 } 22643 22644 // SetId sets the Id field's value. 22645 func (s *Parent) SetId(v string) *Parent { 22646 s.Id = &v 22647 return s 22648 } 22649 22650 // SetType sets the Type field's value. 22651 func (s *Parent) SetType(v string) *Parent { 22652 s.Type = &v 22653 return s 22654 } 22655 22656 // We can't find a root or OU with the ParentId that you specified. 22657 type ParentNotFoundException struct { 22658 _ struct{} `type:"structure"` 22659 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 22660 22661 Message_ *string `locationName:"Message" type:"string"` 22662 } 22663 22664 // String returns the string representation. 22665 // 22666 // API parameter values that are decorated as "sensitive" in the API will not 22667 // be included in the string output. The member name will be present, but the 22668 // value will be replaced with "sensitive". 22669 func (s ParentNotFoundException) String() string { 22670 return awsutil.Prettify(s) 22671 } 22672 22673 // GoString returns the string representation. 22674 // 22675 // API parameter values that are decorated as "sensitive" in the API will not 22676 // be included in the string output. The member name will be present, but the 22677 // value will be replaced with "sensitive". 22678 func (s ParentNotFoundException) GoString() string { 22679 return s.String() 22680 } 22681 22682 func newErrorParentNotFoundException(v protocol.ResponseMetadata) error { 22683 return &ParentNotFoundException{ 22684 RespMetadata: v, 22685 } 22686 } 22687 22688 // Code returns the exception type name. 22689 func (s *ParentNotFoundException) Code() string { 22690 return "ParentNotFoundException" 22691 } 22692 22693 // Message returns the exception's message. 22694 func (s *ParentNotFoundException) Message() string { 22695 if s.Message_ != nil { 22696 return *s.Message_ 22697 } 22698 return "" 22699 } 22700 22701 // OrigErr always returns nil, satisfies awserr.Error interface. 22702 func (s *ParentNotFoundException) OrigErr() error { 22703 return nil 22704 } 22705 22706 func (s *ParentNotFoundException) Error() string { 22707 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 22708 } 22709 22710 // Status code returns the HTTP status code for the request's response error. 22711 func (s *ParentNotFoundException) StatusCode() int { 22712 return s.RespMetadata.StatusCode 22713 } 22714 22715 // RequestID returns the service's response RequestID for request. 22716 func (s *ParentNotFoundException) RequestID() string { 22717 return s.RespMetadata.RequestID 22718 } 22719 22720 // Contains rules to be applied to the affected accounts. Policies can be attached 22721 // directly to accounts, or to roots and OUs to affect all accounts in those 22722 // hierarchies. 22723 type Policy struct { 22724 _ struct{} `type:"structure"` 22725 22726 // The text content of the policy. 22727 Content *string `min:"1" type:"string"` 22728 22729 // A structure that contains additional details about the policy. 22730 PolicySummary *PolicySummary `type:"structure"` 22731 } 22732 22733 // String returns the string representation. 22734 // 22735 // API parameter values that are decorated as "sensitive" in the API will not 22736 // be included in the string output. The member name will be present, but the 22737 // value will be replaced with "sensitive". 22738 func (s Policy) String() string { 22739 return awsutil.Prettify(s) 22740 } 22741 22742 // GoString returns the string representation. 22743 // 22744 // API parameter values that are decorated as "sensitive" in the API will not 22745 // be included in the string output. The member name will be present, but the 22746 // value will be replaced with "sensitive". 22747 func (s Policy) GoString() string { 22748 return s.String() 22749 } 22750 22751 // SetContent sets the Content field's value. 22752 func (s *Policy) SetContent(v string) *Policy { 22753 s.Content = &v 22754 return s 22755 } 22756 22757 // SetPolicySummary sets the PolicySummary field's value. 22758 func (s *Policy) SetPolicySummary(v *PolicySummary) *Policy { 22759 s.PolicySummary = v 22760 return s 22761 } 22762 22763 // Changes to the effective policy are in progress, and its contents can't be 22764 // returned. Try the operation again later. 22765 type PolicyChangesInProgressException struct { 22766 _ struct{} `type:"structure"` 22767 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 22768 22769 Message_ *string `locationName:"Message" type:"string"` 22770 } 22771 22772 // String returns the string representation. 22773 // 22774 // API parameter values that are decorated as "sensitive" in the API will not 22775 // be included in the string output. The member name will be present, but the 22776 // value will be replaced with "sensitive". 22777 func (s PolicyChangesInProgressException) String() string { 22778 return awsutil.Prettify(s) 22779 } 22780 22781 // GoString returns the string representation. 22782 // 22783 // API parameter values that are decorated as "sensitive" in the API will not 22784 // be included in the string output. The member name will be present, but the 22785 // value will be replaced with "sensitive". 22786 func (s PolicyChangesInProgressException) GoString() string { 22787 return s.String() 22788 } 22789 22790 func newErrorPolicyChangesInProgressException(v protocol.ResponseMetadata) error { 22791 return &PolicyChangesInProgressException{ 22792 RespMetadata: v, 22793 } 22794 } 22795 22796 // Code returns the exception type name. 22797 func (s *PolicyChangesInProgressException) Code() string { 22798 return "PolicyChangesInProgressException" 22799 } 22800 22801 // Message returns the exception's message. 22802 func (s *PolicyChangesInProgressException) Message() string { 22803 if s.Message_ != nil { 22804 return *s.Message_ 22805 } 22806 return "" 22807 } 22808 22809 // OrigErr always returns nil, satisfies awserr.Error interface. 22810 func (s *PolicyChangesInProgressException) OrigErr() error { 22811 return nil 22812 } 22813 22814 func (s *PolicyChangesInProgressException) Error() string { 22815 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 22816 } 22817 22818 // Status code returns the HTTP status code for the request's response error. 22819 func (s *PolicyChangesInProgressException) StatusCode() int { 22820 return s.RespMetadata.StatusCode 22821 } 22822 22823 // RequestID returns the service's response RequestID for request. 22824 func (s *PolicyChangesInProgressException) RequestID() string { 22825 return s.RespMetadata.RequestID 22826 } 22827 22828 // The policy is attached to one or more entities. You must detach it from all 22829 // roots, OUs, and accounts before performing this operation. 22830 type PolicyInUseException struct { 22831 _ struct{} `type:"structure"` 22832 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 22833 22834 Message_ *string `locationName:"Message" type:"string"` 22835 } 22836 22837 // String returns the string representation. 22838 // 22839 // API parameter values that are decorated as "sensitive" in the API will not 22840 // be included in the string output. The member name will be present, but the 22841 // value will be replaced with "sensitive". 22842 func (s PolicyInUseException) String() string { 22843 return awsutil.Prettify(s) 22844 } 22845 22846 // GoString returns the string representation. 22847 // 22848 // API parameter values that are decorated as "sensitive" in the API will not 22849 // be included in the string output. The member name will be present, but the 22850 // value will be replaced with "sensitive". 22851 func (s PolicyInUseException) GoString() string { 22852 return s.String() 22853 } 22854 22855 func newErrorPolicyInUseException(v protocol.ResponseMetadata) error { 22856 return &PolicyInUseException{ 22857 RespMetadata: v, 22858 } 22859 } 22860 22861 // Code returns the exception type name. 22862 func (s *PolicyInUseException) Code() string { 22863 return "PolicyInUseException" 22864 } 22865 22866 // Message returns the exception's message. 22867 func (s *PolicyInUseException) Message() string { 22868 if s.Message_ != nil { 22869 return *s.Message_ 22870 } 22871 return "" 22872 } 22873 22874 // OrigErr always returns nil, satisfies awserr.Error interface. 22875 func (s *PolicyInUseException) OrigErr() error { 22876 return nil 22877 } 22878 22879 func (s *PolicyInUseException) Error() string { 22880 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 22881 } 22882 22883 // Status code returns the HTTP status code for the request's response error. 22884 func (s *PolicyInUseException) StatusCode() int { 22885 return s.RespMetadata.StatusCode 22886 } 22887 22888 // RequestID returns the service's response RequestID for request. 22889 func (s *PolicyInUseException) RequestID() string { 22890 return s.RespMetadata.RequestID 22891 } 22892 22893 // The policy isn't attached to the specified target in the specified root. 22894 type PolicyNotAttachedException struct { 22895 _ struct{} `type:"structure"` 22896 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 22897 22898 Message_ *string `locationName:"Message" type:"string"` 22899 } 22900 22901 // String returns the string representation. 22902 // 22903 // API parameter values that are decorated as "sensitive" in the API will not 22904 // be included in the string output. The member name will be present, but the 22905 // value will be replaced with "sensitive". 22906 func (s PolicyNotAttachedException) String() string { 22907 return awsutil.Prettify(s) 22908 } 22909 22910 // GoString returns the string representation. 22911 // 22912 // API parameter values that are decorated as "sensitive" in the API will not 22913 // be included in the string output. The member name will be present, but the 22914 // value will be replaced with "sensitive". 22915 func (s PolicyNotAttachedException) GoString() string { 22916 return s.String() 22917 } 22918 22919 func newErrorPolicyNotAttachedException(v protocol.ResponseMetadata) error { 22920 return &PolicyNotAttachedException{ 22921 RespMetadata: v, 22922 } 22923 } 22924 22925 // Code returns the exception type name. 22926 func (s *PolicyNotAttachedException) Code() string { 22927 return "PolicyNotAttachedException" 22928 } 22929 22930 // Message returns the exception's message. 22931 func (s *PolicyNotAttachedException) Message() string { 22932 if s.Message_ != nil { 22933 return *s.Message_ 22934 } 22935 return "" 22936 } 22937 22938 // OrigErr always returns nil, satisfies awserr.Error interface. 22939 func (s *PolicyNotAttachedException) OrigErr() error { 22940 return nil 22941 } 22942 22943 func (s *PolicyNotAttachedException) Error() string { 22944 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 22945 } 22946 22947 // Status code returns the HTTP status code for the request's response error. 22948 func (s *PolicyNotAttachedException) StatusCode() int { 22949 return s.RespMetadata.StatusCode 22950 } 22951 22952 // RequestID returns the service's response RequestID for request. 22953 func (s *PolicyNotAttachedException) RequestID() string { 22954 return s.RespMetadata.RequestID 22955 } 22956 22957 // We can't find a policy with the PolicyId that you specified. 22958 type PolicyNotFoundException struct { 22959 _ struct{} `type:"structure"` 22960 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 22961 22962 Message_ *string `locationName:"Message" type:"string"` 22963 } 22964 22965 // String returns the string representation. 22966 // 22967 // API parameter values that are decorated as "sensitive" in the API will not 22968 // be included in the string output. The member name will be present, but the 22969 // value will be replaced with "sensitive". 22970 func (s PolicyNotFoundException) String() string { 22971 return awsutil.Prettify(s) 22972 } 22973 22974 // GoString returns the string representation. 22975 // 22976 // API parameter values that are decorated as "sensitive" in the API will not 22977 // be included in the string output. The member name will be present, but the 22978 // value will be replaced with "sensitive". 22979 func (s PolicyNotFoundException) GoString() string { 22980 return s.String() 22981 } 22982 22983 func newErrorPolicyNotFoundException(v protocol.ResponseMetadata) error { 22984 return &PolicyNotFoundException{ 22985 RespMetadata: v, 22986 } 22987 } 22988 22989 // Code returns the exception type name. 22990 func (s *PolicyNotFoundException) Code() string { 22991 return "PolicyNotFoundException" 22992 } 22993 22994 // Message returns the exception's message. 22995 func (s *PolicyNotFoundException) Message() string { 22996 if s.Message_ != nil { 22997 return *s.Message_ 22998 } 22999 return "" 23000 } 23001 23002 // OrigErr always returns nil, satisfies awserr.Error interface. 23003 func (s *PolicyNotFoundException) OrigErr() error { 23004 return nil 23005 } 23006 23007 func (s *PolicyNotFoundException) Error() string { 23008 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 23009 } 23010 23011 // Status code returns the HTTP status code for the request's response error. 23012 func (s *PolicyNotFoundException) StatusCode() int { 23013 return s.RespMetadata.StatusCode 23014 } 23015 23016 // RequestID returns the service's response RequestID for request. 23017 func (s *PolicyNotFoundException) RequestID() string { 23018 return s.RespMetadata.RequestID 23019 } 23020 23021 // Contains information about a policy, but does not include the content. To 23022 // see the content of a policy, see DescribePolicy. 23023 type PolicySummary struct { 23024 _ struct{} `type:"structure"` 23025 23026 // The Amazon Resource Name (ARN) of the policy. 23027 // 23028 // For more information about ARNs in Organizations, see ARN Formats Supported 23029 // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) 23030 // in the AWS Service Authorization Reference. 23031 Arn *string `type:"string"` 23032 23033 // A boolean value that indicates whether the specified policy is an AWS managed 23034 // policy. If true, then you can attach the policy to roots, OUs, or accounts, 23035 // but you cannot edit it. 23036 AwsManaged *bool `type:"boolean"` 23037 23038 // The description of the policy. 23039 Description *string `type:"string"` 23040 23041 // The unique identifier (ID) of the policy. 23042 // 23043 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 23044 // requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, 23045 // or the underscore character (_). 23046 Id *string `type:"string"` 23047 23048 // The friendly name of the policy. 23049 // 23050 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 23051 // this parameter is a string of any of the characters in the ASCII character 23052 // range. 23053 Name *string `min:"1" type:"string"` 23054 23055 // The type of policy. 23056 Type *string `type:"string" enum:"PolicyType"` 23057 } 23058 23059 // String returns the string representation. 23060 // 23061 // API parameter values that are decorated as "sensitive" in the API will not 23062 // be included in the string output. The member name will be present, but the 23063 // value will be replaced with "sensitive". 23064 func (s PolicySummary) String() string { 23065 return awsutil.Prettify(s) 23066 } 23067 23068 // GoString returns the string representation. 23069 // 23070 // API parameter values that are decorated as "sensitive" in the API will not 23071 // be included in the string output. The member name will be present, but the 23072 // value will be replaced with "sensitive". 23073 func (s PolicySummary) GoString() string { 23074 return s.String() 23075 } 23076 23077 // SetArn sets the Arn field's value. 23078 func (s *PolicySummary) SetArn(v string) *PolicySummary { 23079 s.Arn = &v 23080 return s 23081 } 23082 23083 // SetAwsManaged sets the AwsManaged field's value. 23084 func (s *PolicySummary) SetAwsManaged(v bool) *PolicySummary { 23085 s.AwsManaged = &v 23086 return s 23087 } 23088 23089 // SetDescription sets the Description field's value. 23090 func (s *PolicySummary) SetDescription(v string) *PolicySummary { 23091 s.Description = &v 23092 return s 23093 } 23094 23095 // SetId sets the Id field's value. 23096 func (s *PolicySummary) SetId(v string) *PolicySummary { 23097 s.Id = &v 23098 return s 23099 } 23100 23101 // SetName sets the Name field's value. 23102 func (s *PolicySummary) SetName(v string) *PolicySummary { 23103 s.Name = &v 23104 return s 23105 } 23106 23107 // SetType sets the Type field's value. 23108 func (s *PolicySummary) SetType(v string) *PolicySummary { 23109 s.Type = &v 23110 return s 23111 } 23112 23113 // Contains information about a root, OU, or account that a policy is attached 23114 // to. 23115 type PolicyTargetSummary struct { 23116 _ struct{} `type:"structure"` 23117 23118 // The Amazon Resource Name (ARN) of the policy target. 23119 // 23120 // For more information about ARNs in Organizations, see ARN Formats Supported 23121 // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) 23122 // in the AWS Service Authorization Reference. 23123 Arn *string `type:"string"` 23124 23125 // The friendly name of the policy target. 23126 // 23127 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 23128 // this parameter is a string of any of the characters in the ASCII character 23129 // range. 23130 Name *string `min:"1" type:"string"` 23131 23132 // The unique identifier (ID) of the policy target. 23133 // 23134 // The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string 23135 // requires one of the following: 23136 // 23137 // * Root - A string that begins with "r-" followed by from 4 to 32 lowercase 23138 // letters or digits. 23139 // 23140 // * Account - A string that consists of exactly 12 digits. 23141 // 23142 // * Organizational unit (OU) - A string that begins with "ou-" followed 23143 // by from 4 to 32 lowercase letters or digits (the ID of the root that the 23144 // OU is in). This string is followed by a second "-" dash and from 8 to 23145 // 32 additional lowercase letters or digits. 23146 TargetId *string `type:"string"` 23147 23148 // The type of the policy target. 23149 Type *string `type:"string" enum:"TargetType"` 23150 } 23151 23152 // String returns the string representation. 23153 // 23154 // API parameter values that are decorated as "sensitive" in the API will not 23155 // be included in the string output. The member name will be present, but the 23156 // value will be replaced with "sensitive". 23157 func (s PolicyTargetSummary) String() string { 23158 return awsutil.Prettify(s) 23159 } 23160 23161 // GoString returns the string representation. 23162 // 23163 // API parameter values that are decorated as "sensitive" in the API will not 23164 // be included in the string output. The member name will be present, but the 23165 // value will be replaced with "sensitive". 23166 func (s PolicyTargetSummary) GoString() string { 23167 return s.String() 23168 } 23169 23170 // SetArn sets the Arn field's value. 23171 func (s *PolicyTargetSummary) SetArn(v string) *PolicyTargetSummary { 23172 s.Arn = &v 23173 return s 23174 } 23175 23176 // SetName sets the Name field's value. 23177 func (s *PolicyTargetSummary) SetName(v string) *PolicyTargetSummary { 23178 s.Name = &v 23179 return s 23180 } 23181 23182 // SetTargetId sets the TargetId field's value. 23183 func (s *PolicyTargetSummary) SetTargetId(v string) *PolicyTargetSummary { 23184 s.TargetId = &v 23185 return s 23186 } 23187 23188 // SetType sets the Type field's value. 23189 func (s *PolicyTargetSummary) SetType(v string) *PolicyTargetSummary { 23190 s.Type = &v 23191 return s 23192 } 23193 23194 // The specified policy type is already enabled in the specified root. 23195 type PolicyTypeAlreadyEnabledException struct { 23196 _ struct{} `type:"structure"` 23197 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 23198 23199 Message_ *string `locationName:"Message" type:"string"` 23200 } 23201 23202 // String returns the string representation. 23203 // 23204 // API parameter values that are decorated as "sensitive" in the API will not 23205 // be included in the string output. The member name will be present, but the 23206 // value will be replaced with "sensitive". 23207 func (s PolicyTypeAlreadyEnabledException) String() string { 23208 return awsutil.Prettify(s) 23209 } 23210 23211 // GoString returns the string representation. 23212 // 23213 // API parameter values that are decorated as "sensitive" in the API will not 23214 // be included in the string output. The member name will be present, but the 23215 // value will be replaced with "sensitive". 23216 func (s PolicyTypeAlreadyEnabledException) GoString() string { 23217 return s.String() 23218 } 23219 23220 func newErrorPolicyTypeAlreadyEnabledException(v protocol.ResponseMetadata) error { 23221 return &PolicyTypeAlreadyEnabledException{ 23222 RespMetadata: v, 23223 } 23224 } 23225 23226 // Code returns the exception type name. 23227 func (s *PolicyTypeAlreadyEnabledException) Code() string { 23228 return "PolicyTypeAlreadyEnabledException" 23229 } 23230 23231 // Message returns the exception's message. 23232 func (s *PolicyTypeAlreadyEnabledException) Message() string { 23233 if s.Message_ != nil { 23234 return *s.Message_ 23235 } 23236 return "" 23237 } 23238 23239 // OrigErr always returns nil, satisfies awserr.Error interface. 23240 func (s *PolicyTypeAlreadyEnabledException) OrigErr() error { 23241 return nil 23242 } 23243 23244 func (s *PolicyTypeAlreadyEnabledException) Error() string { 23245 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 23246 } 23247 23248 // Status code returns the HTTP status code for the request's response error. 23249 func (s *PolicyTypeAlreadyEnabledException) StatusCode() int { 23250 return s.RespMetadata.StatusCode 23251 } 23252 23253 // RequestID returns the service's response RequestID for request. 23254 func (s *PolicyTypeAlreadyEnabledException) RequestID() string { 23255 return s.RespMetadata.RequestID 23256 } 23257 23258 // You can't use the specified policy type with the feature set currently enabled 23259 // for this organization. For example, you can enable SCPs only after you enable 23260 // all features in the organization. For more information, see Managing AWS 23261 // Organizations Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)in 23262 // the AWS Organizations User Guide. 23263 type PolicyTypeNotAvailableForOrganizationException struct { 23264 _ struct{} `type:"structure"` 23265 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 23266 23267 Message_ *string `locationName:"Message" type:"string"` 23268 } 23269 23270 // String returns the string representation. 23271 // 23272 // API parameter values that are decorated as "sensitive" in the API will not 23273 // be included in the string output. The member name will be present, but the 23274 // value will be replaced with "sensitive". 23275 func (s PolicyTypeNotAvailableForOrganizationException) String() string { 23276 return awsutil.Prettify(s) 23277 } 23278 23279 // GoString returns the string representation. 23280 // 23281 // API parameter values that are decorated as "sensitive" in the API will not 23282 // be included in the string output. The member name will be present, but the 23283 // value will be replaced with "sensitive". 23284 func (s PolicyTypeNotAvailableForOrganizationException) GoString() string { 23285 return s.String() 23286 } 23287 23288 func newErrorPolicyTypeNotAvailableForOrganizationException(v protocol.ResponseMetadata) error { 23289 return &PolicyTypeNotAvailableForOrganizationException{ 23290 RespMetadata: v, 23291 } 23292 } 23293 23294 // Code returns the exception type name. 23295 func (s *PolicyTypeNotAvailableForOrganizationException) Code() string { 23296 return "PolicyTypeNotAvailableForOrganizationException" 23297 } 23298 23299 // Message returns the exception's message. 23300 func (s *PolicyTypeNotAvailableForOrganizationException) Message() string { 23301 if s.Message_ != nil { 23302 return *s.Message_ 23303 } 23304 return "" 23305 } 23306 23307 // OrigErr always returns nil, satisfies awserr.Error interface. 23308 func (s *PolicyTypeNotAvailableForOrganizationException) OrigErr() error { 23309 return nil 23310 } 23311 23312 func (s *PolicyTypeNotAvailableForOrganizationException) Error() string { 23313 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 23314 } 23315 23316 // Status code returns the HTTP status code for the request's response error. 23317 func (s *PolicyTypeNotAvailableForOrganizationException) StatusCode() int { 23318 return s.RespMetadata.StatusCode 23319 } 23320 23321 // RequestID returns the service's response RequestID for request. 23322 func (s *PolicyTypeNotAvailableForOrganizationException) RequestID() string { 23323 return s.RespMetadata.RequestID 23324 } 23325 23326 // The specified policy type isn't currently enabled in this root. You can't 23327 // attach policies of the specified type to entities in a root until you enable 23328 // that type in the root. For more information, see Enabling All Features in 23329 // Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) 23330 // in the AWS Organizations User Guide. 23331 type PolicyTypeNotEnabledException struct { 23332 _ struct{} `type:"structure"` 23333 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 23334 23335 Message_ *string `locationName:"Message" type:"string"` 23336 } 23337 23338 // String returns the string representation. 23339 // 23340 // API parameter values that are decorated as "sensitive" in the API will not 23341 // be included in the string output. The member name will be present, but the 23342 // value will be replaced with "sensitive". 23343 func (s PolicyTypeNotEnabledException) String() string { 23344 return awsutil.Prettify(s) 23345 } 23346 23347 // GoString returns the string representation. 23348 // 23349 // API parameter values that are decorated as "sensitive" in the API will not 23350 // be included in the string output. The member name will be present, but the 23351 // value will be replaced with "sensitive". 23352 func (s PolicyTypeNotEnabledException) GoString() string { 23353 return s.String() 23354 } 23355 23356 func newErrorPolicyTypeNotEnabledException(v protocol.ResponseMetadata) error { 23357 return &PolicyTypeNotEnabledException{ 23358 RespMetadata: v, 23359 } 23360 } 23361 23362 // Code returns the exception type name. 23363 func (s *PolicyTypeNotEnabledException) Code() string { 23364 return "PolicyTypeNotEnabledException" 23365 } 23366 23367 // Message returns the exception's message. 23368 func (s *PolicyTypeNotEnabledException) Message() string { 23369 if s.Message_ != nil { 23370 return *s.Message_ 23371 } 23372 return "" 23373 } 23374 23375 // OrigErr always returns nil, satisfies awserr.Error interface. 23376 func (s *PolicyTypeNotEnabledException) OrigErr() error { 23377 return nil 23378 } 23379 23380 func (s *PolicyTypeNotEnabledException) Error() string { 23381 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 23382 } 23383 23384 // Status code returns the HTTP status code for the request's response error. 23385 func (s *PolicyTypeNotEnabledException) StatusCode() int { 23386 return s.RespMetadata.StatusCode 23387 } 23388 23389 // RequestID returns the service's response RequestID for request. 23390 func (s *PolicyTypeNotEnabledException) RequestID() string { 23391 return s.RespMetadata.RequestID 23392 } 23393 23394 // Contains information about a policy type and its status in the associated 23395 // root. 23396 type PolicyTypeSummary struct { 23397 _ struct{} `type:"structure"` 23398 23399 // The status of the policy type as it relates to the associated root. To attach 23400 // a policy of the specified type to a root or to an OU or account in that root, 23401 // it must be available in the organization and enabled for that root. 23402 Status *string `type:"string" enum:"PolicyTypeStatus"` 23403 23404 // The name of the policy type. 23405 Type *string `type:"string" enum:"PolicyType"` 23406 } 23407 23408 // String returns the string representation. 23409 // 23410 // API parameter values that are decorated as "sensitive" in the API will not 23411 // be included in the string output. The member name will be present, but the 23412 // value will be replaced with "sensitive". 23413 func (s PolicyTypeSummary) String() string { 23414 return awsutil.Prettify(s) 23415 } 23416 23417 // GoString returns the string representation. 23418 // 23419 // API parameter values that are decorated as "sensitive" in the API will not 23420 // be included in the string output. The member name will be present, but the 23421 // value will be replaced with "sensitive". 23422 func (s PolicyTypeSummary) GoString() string { 23423 return s.String() 23424 } 23425 23426 // SetStatus sets the Status field's value. 23427 func (s *PolicyTypeSummary) SetStatus(v string) *PolicyTypeSummary { 23428 s.Status = &v 23429 return s 23430 } 23431 23432 // SetType sets the Type field's value. 23433 func (s *PolicyTypeSummary) SetType(v string) *PolicyTypeSummary { 23434 s.Type = &v 23435 return s 23436 } 23437 23438 type RegisterDelegatedAdministratorInput struct { 23439 _ struct{} `type:"structure"` 23440 23441 // The account ID number of the member account in the organization to register 23442 // as a delegated administrator. 23443 // 23444 // AccountId is a required field 23445 AccountId *string `type:"string" required:"true"` 23446 23447 // The service principal of the AWS service for which you want to make the member 23448 // account a delegated administrator. 23449 // 23450 // ServicePrincipal is a required field 23451 ServicePrincipal *string `min:"1" type:"string" required:"true"` 23452 } 23453 23454 // String returns the string representation. 23455 // 23456 // API parameter values that are decorated as "sensitive" in the API will not 23457 // be included in the string output. The member name will be present, but the 23458 // value will be replaced with "sensitive". 23459 func (s RegisterDelegatedAdministratorInput) String() string { 23460 return awsutil.Prettify(s) 23461 } 23462 23463 // GoString returns the string representation. 23464 // 23465 // API parameter values that are decorated as "sensitive" in the API will not 23466 // be included in the string output. The member name will be present, but the 23467 // value will be replaced with "sensitive". 23468 func (s RegisterDelegatedAdministratorInput) GoString() string { 23469 return s.String() 23470 } 23471 23472 // Validate inspects the fields of the type to determine if they are valid. 23473 func (s *RegisterDelegatedAdministratorInput) Validate() error { 23474 invalidParams := request.ErrInvalidParams{Context: "RegisterDelegatedAdministratorInput"} 23475 if s.AccountId == nil { 23476 invalidParams.Add(request.NewErrParamRequired("AccountId")) 23477 } 23478 if s.ServicePrincipal == nil { 23479 invalidParams.Add(request.NewErrParamRequired("ServicePrincipal")) 23480 } 23481 if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 { 23482 invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1)) 23483 } 23484 23485 if invalidParams.Len() > 0 { 23486 return invalidParams 23487 } 23488 return nil 23489 } 23490 23491 // SetAccountId sets the AccountId field's value. 23492 func (s *RegisterDelegatedAdministratorInput) SetAccountId(v string) *RegisterDelegatedAdministratorInput { 23493 s.AccountId = &v 23494 return s 23495 } 23496 23497 // SetServicePrincipal sets the ServicePrincipal field's value. 23498 func (s *RegisterDelegatedAdministratorInput) SetServicePrincipal(v string) *RegisterDelegatedAdministratorInput { 23499 s.ServicePrincipal = &v 23500 return s 23501 } 23502 23503 type RegisterDelegatedAdministratorOutput struct { 23504 _ struct{} `type:"structure"` 23505 } 23506 23507 // String returns the string representation. 23508 // 23509 // API parameter values that are decorated as "sensitive" in the API will not 23510 // be included in the string output. The member name will be present, but the 23511 // value will be replaced with "sensitive". 23512 func (s RegisterDelegatedAdministratorOutput) String() string { 23513 return awsutil.Prettify(s) 23514 } 23515 23516 // GoString returns the string representation. 23517 // 23518 // API parameter values that are decorated as "sensitive" in the API will not 23519 // be included in the string output. The member name will be present, but the 23520 // value will be replaced with "sensitive". 23521 func (s RegisterDelegatedAdministratorOutput) GoString() string { 23522 return s.String() 23523 } 23524 23525 type RemoveAccountFromOrganizationInput struct { 23526 _ struct{} `type:"structure"` 23527 23528 // The unique identifier (ID) of the member account that you want to remove 23529 // from the organization. 23530 // 23531 // The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string 23532 // requires exactly 12 digits. 23533 // 23534 // AccountId is a required field 23535 AccountId *string `type:"string" required:"true"` 23536 } 23537 23538 // String returns the string representation. 23539 // 23540 // API parameter values that are decorated as "sensitive" in the API will not 23541 // be included in the string output. The member name will be present, but the 23542 // value will be replaced with "sensitive". 23543 func (s RemoveAccountFromOrganizationInput) String() string { 23544 return awsutil.Prettify(s) 23545 } 23546 23547 // GoString returns the string representation. 23548 // 23549 // API parameter values that are decorated as "sensitive" in the API will not 23550 // be included in the string output. The member name will be present, but the 23551 // value will be replaced with "sensitive". 23552 func (s RemoveAccountFromOrganizationInput) GoString() string { 23553 return s.String() 23554 } 23555 23556 // Validate inspects the fields of the type to determine if they are valid. 23557 func (s *RemoveAccountFromOrganizationInput) Validate() error { 23558 invalidParams := request.ErrInvalidParams{Context: "RemoveAccountFromOrganizationInput"} 23559 if s.AccountId == nil { 23560 invalidParams.Add(request.NewErrParamRequired("AccountId")) 23561 } 23562 23563 if invalidParams.Len() > 0 { 23564 return invalidParams 23565 } 23566 return nil 23567 } 23568 23569 // SetAccountId sets the AccountId field's value. 23570 func (s *RemoveAccountFromOrganizationInput) SetAccountId(v string) *RemoveAccountFromOrganizationInput { 23571 s.AccountId = &v 23572 return s 23573 } 23574 23575 type RemoveAccountFromOrganizationOutput struct { 23576 _ struct{} `type:"structure"` 23577 } 23578 23579 // String returns the string representation. 23580 // 23581 // API parameter values that are decorated as "sensitive" in the API will not 23582 // be included in the string output. The member name will be present, but the 23583 // value will be replaced with "sensitive". 23584 func (s RemoveAccountFromOrganizationOutput) String() string { 23585 return awsutil.Prettify(s) 23586 } 23587 23588 // GoString returns the string representation. 23589 // 23590 // API parameter values that are decorated as "sensitive" in the API will not 23591 // be included in the string output. The member name will be present, but the 23592 // value will be replaced with "sensitive". 23593 func (s RemoveAccountFromOrganizationOutput) GoString() string { 23594 return s.String() 23595 } 23596 23597 // Contains details about a root. A root is a top-level parent node in the hierarchy 23598 // of an organization that can contain organizational units (OUs) and accounts. 23599 // The root contains every AWS account in the organization. 23600 type Root struct { 23601 _ struct{} `type:"structure"` 23602 23603 // The Amazon Resource Name (ARN) of the root. 23604 // 23605 // For more information about ARNs in Organizations, see ARN Formats Supported 23606 // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) 23607 // in the AWS Service Authorization Reference. 23608 Arn *string `type:"string"` 23609 23610 // The unique identifier (ID) for the root. 23611 // 23612 // The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string 23613 // requires "r-" followed by from 4 to 32 lowercase letters or digits. 23614 Id *string `type:"string"` 23615 23616 // The friendly name of the root. 23617 // 23618 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 23619 // this parameter is a string of any of the characters in the ASCII character 23620 // range. 23621 Name *string `min:"1" type:"string"` 23622 23623 // The types of policies that are currently enabled for the root and therefore 23624 // can be attached to the root or to its OUs or accounts. 23625 // 23626 // Even if a policy type is shown as available in the organization, you can 23627 // separately enable and disable them at the root level by using EnablePolicyType 23628 // and DisablePolicyType. Use DescribeOrganization to see the availability of 23629 // the policy types in that organization. 23630 PolicyTypes []*PolicyTypeSummary `type:"list"` 23631 } 23632 23633 // String returns the string representation. 23634 // 23635 // API parameter values that are decorated as "sensitive" in the API will not 23636 // be included in the string output. The member name will be present, but the 23637 // value will be replaced with "sensitive". 23638 func (s Root) String() string { 23639 return awsutil.Prettify(s) 23640 } 23641 23642 // GoString returns the string representation. 23643 // 23644 // API parameter values that are decorated as "sensitive" in the API will not 23645 // be included in the string output. The member name will be present, but the 23646 // value will be replaced with "sensitive". 23647 func (s Root) GoString() string { 23648 return s.String() 23649 } 23650 23651 // SetArn sets the Arn field's value. 23652 func (s *Root) SetArn(v string) *Root { 23653 s.Arn = &v 23654 return s 23655 } 23656 23657 // SetId sets the Id field's value. 23658 func (s *Root) SetId(v string) *Root { 23659 s.Id = &v 23660 return s 23661 } 23662 23663 // SetName sets the Name field's value. 23664 func (s *Root) SetName(v string) *Root { 23665 s.Name = &v 23666 return s 23667 } 23668 23669 // SetPolicyTypes sets the PolicyTypes field's value. 23670 func (s *Root) SetPolicyTypes(v []*PolicyTypeSummary) *Root { 23671 s.PolicyTypes = v 23672 return s 23673 } 23674 23675 // We can't find a root with the RootId that you specified. 23676 type RootNotFoundException struct { 23677 _ struct{} `type:"structure"` 23678 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 23679 23680 Message_ *string `locationName:"Message" type:"string"` 23681 } 23682 23683 // String returns the string representation. 23684 // 23685 // API parameter values that are decorated as "sensitive" in the API will not 23686 // be included in the string output. The member name will be present, but the 23687 // value will be replaced with "sensitive". 23688 func (s RootNotFoundException) String() string { 23689 return awsutil.Prettify(s) 23690 } 23691 23692 // GoString returns the string representation. 23693 // 23694 // API parameter values that are decorated as "sensitive" in the API will not 23695 // be included in the string output. The member name will be present, but the 23696 // value will be replaced with "sensitive". 23697 func (s RootNotFoundException) GoString() string { 23698 return s.String() 23699 } 23700 23701 func newErrorRootNotFoundException(v protocol.ResponseMetadata) error { 23702 return &RootNotFoundException{ 23703 RespMetadata: v, 23704 } 23705 } 23706 23707 // Code returns the exception type name. 23708 func (s *RootNotFoundException) Code() string { 23709 return "RootNotFoundException" 23710 } 23711 23712 // Message returns the exception's message. 23713 func (s *RootNotFoundException) Message() string { 23714 if s.Message_ != nil { 23715 return *s.Message_ 23716 } 23717 return "" 23718 } 23719 23720 // OrigErr always returns nil, satisfies awserr.Error interface. 23721 func (s *RootNotFoundException) OrigErr() error { 23722 return nil 23723 } 23724 23725 func (s *RootNotFoundException) Error() string { 23726 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 23727 } 23728 23729 // Status code returns the HTTP status code for the request's response error. 23730 func (s *RootNotFoundException) StatusCode() int { 23731 return s.RespMetadata.StatusCode 23732 } 23733 23734 // RequestID returns the service's response RequestID for request. 23735 func (s *RootNotFoundException) RequestID() string { 23736 return s.RespMetadata.RequestID 23737 } 23738 23739 // AWS Organizations can't complete your request because of an internal service 23740 // error. Try again later. 23741 type ServiceException struct { 23742 _ struct{} `type:"structure"` 23743 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 23744 23745 Message_ *string `locationName:"Message" type:"string"` 23746 } 23747 23748 // String returns the string representation. 23749 // 23750 // API parameter values that are decorated as "sensitive" in the API will not 23751 // be included in the string output. The member name will be present, but the 23752 // value will be replaced with "sensitive". 23753 func (s ServiceException) String() string { 23754 return awsutil.Prettify(s) 23755 } 23756 23757 // GoString returns the string representation. 23758 // 23759 // API parameter values that are decorated as "sensitive" in the API will not 23760 // be included in the string output. The member name will be present, but the 23761 // value will be replaced with "sensitive". 23762 func (s ServiceException) GoString() string { 23763 return s.String() 23764 } 23765 23766 func newErrorServiceException(v protocol.ResponseMetadata) error { 23767 return &ServiceException{ 23768 RespMetadata: v, 23769 } 23770 } 23771 23772 // Code returns the exception type name. 23773 func (s *ServiceException) Code() string { 23774 return "ServiceException" 23775 } 23776 23777 // Message returns the exception's message. 23778 func (s *ServiceException) Message() string { 23779 if s.Message_ != nil { 23780 return *s.Message_ 23781 } 23782 return "" 23783 } 23784 23785 // OrigErr always returns nil, satisfies awserr.Error interface. 23786 func (s *ServiceException) OrigErr() error { 23787 return nil 23788 } 23789 23790 func (s *ServiceException) Error() string { 23791 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 23792 } 23793 23794 // Status code returns the HTTP status code for the request's response error. 23795 func (s *ServiceException) StatusCode() int { 23796 return s.RespMetadata.StatusCode 23797 } 23798 23799 // RequestID returns the service's response RequestID for request. 23800 func (s *ServiceException) RequestID() string { 23801 return s.RespMetadata.RequestID 23802 } 23803 23804 // We can't find a source root or OU with the ParentId that you specified. 23805 type SourceParentNotFoundException struct { 23806 _ struct{} `type:"structure"` 23807 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 23808 23809 Message_ *string `locationName:"Message" type:"string"` 23810 } 23811 23812 // String returns the string representation. 23813 // 23814 // API parameter values that are decorated as "sensitive" in the API will not 23815 // be included in the string output. The member name will be present, but the 23816 // value will be replaced with "sensitive". 23817 func (s SourceParentNotFoundException) String() string { 23818 return awsutil.Prettify(s) 23819 } 23820 23821 // GoString returns the string representation. 23822 // 23823 // API parameter values that are decorated as "sensitive" in the API will not 23824 // be included in the string output. The member name will be present, but the 23825 // value will be replaced with "sensitive". 23826 func (s SourceParentNotFoundException) GoString() string { 23827 return s.String() 23828 } 23829 23830 func newErrorSourceParentNotFoundException(v protocol.ResponseMetadata) error { 23831 return &SourceParentNotFoundException{ 23832 RespMetadata: v, 23833 } 23834 } 23835 23836 // Code returns the exception type name. 23837 func (s *SourceParentNotFoundException) Code() string { 23838 return "SourceParentNotFoundException" 23839 } 23840 23841 // Message returns the exception's message. 23842 func (s *SourceParentNotFoundException) Message() string { 23843 if s.Message_ != nil { 23844 return *s.Message_ 23845 } 23846 return "" 23847 } 23848 23849 // OrigErr always returns nil, satisfies awserr.Error interface. 23850 func (s *SourceParentNotFoundException) OrigErr() error { 23851 return nil 23852 } 23853 23854 func (s *SourceParentNotFoundException) Error() string { 23855 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 23856 } 23857 23858 // Status code returns the HTTP status code for the request's response error. 23859 func (s *SourceParentNotFoundException) StatusCode() int { 23860 return s.RespMetadata.StatusCode 23861 } 23862 23863 // RequestID returns the service's response RequestID for request. 23864 func (s *SourceParentNotFoundException) RequestID() string { 23865 return s.RespMetadata.RequestID 23866 } 23867 23868 // A custom key-value pair associated with a resource within your organization. 23869 // 23870 // You can attach tags to any of the following organization resources. 23871 // 23872 // * AWS account 23873 // 23874 // * Organizational unit (OU) 23875 // 23876 // * Organization root 23877 // 23878 // * Policy 23879 type Tag struct { 23880 _ struct{} `type:"structure"` 23881 23882 // The key identifier, or name, of the tag. 23883 // 23884 // Key is a required field 23885 Key *string `min:"1" type:"string" required:"true"` 23886 23887 // The string value that's associated with the key of the tag. You can set the 23888 // value of a tag to an empty string, but you can't set the value of a tag to 23889 // null. 23890 // 23891 // Value is a required field 23892 Value *string `type:"string" required:"true"` 23893 } 23894 23895 // String returns the string representation. 23896 // 23897 // API parameter values that are decorated as "sensitive" in the API will not 23898 // be included in the string output. The member name will be present, but the 23899 // value will be replaced with "sensitive". 23900 func (s Tag) String() string { 23901 return awsutil.Prettify(s) 23902 } 23903 23904 // GoString returns the string representation. 23905 // 23906 // API parameter values that are decorated as "sensitive" in the API will not 23907 // be included in the string output. The member name will be present, but the 23908 // value will be replaced with "sensitive". 23909 func (s Tag) GoString() string { 23910 return s.String() 23911 } 23912 23913 // Validate inspects the fields of the type to determine if they are valid. 23914 func (s *Tag) Validate() error { 23915 invalidParams := request.ErrInvalidParams{Context: "Tag"} 23916 if s.Key == nil { 23917 invalidParams.Add(request.NewErrParamRequired("Key")) 23918 } 23919 if s.Key != nil && len(*s.Key) < 1 { 23920 invalidParams.Add(request.NewErrParamMinLen("Key", 1)) 23921 } 23922 if s.Value == nil { 23923 invalidParams.Add(request.NewErrParamRequired("Value")) 23924 } 23925 23926 if invalidParams.Len() > 0 { 23927 return invalidParams 23928 } 23929 return nil 23930 } 23931 23932 // SetKey sets the Key field's value. 23933 func (s *Tag) SetKey(v string) *Tag { 23934 s.Key = &v 23935 return s 23936 } 23937 23938 // SetValue sets the Value field's value. 23939 func (s *Tag) SetValue(v string) *Tag { 23940 s.Value = &v 23941 return s 23942 } 23943 23944 type TagResourceInput struct { 23945 _ struct{} `type:"structure"` 23946 23947 // The ID of the resource to add a tag to. 23948 // 23949 // ResourceId is a required field 23950 ResourceId *string `type:"string" required:"true"` 23951 23952 // A list of tags to add to the specified resource. 23953 // 23954 // You can specify any of the following taggable resources. 23955 // 23956 // * AWS account – specify the account ID number. 23957 // 23958 // * Organizational unit – specify the OU ID that begins with ou- and looks 23959 // similar to: ou-1a2b-34uvwxyz 23960 // 23961 // * Root – specify the root ID that begins with r- and looks similar to: 23962 // r-1a2b 23963 // 23964 // * Policy – specify the policy ID that begins with p- andlooks similar 23965 // to: p-12abcdefg3 23966 // 23967 // For each tag in the list, you must specify both a tag key and a value. You 23968 // can set the value to an empty string, but you can't set it to null. 23969 // 23970 // If any one of the tags is invalid or if you exceed the allowed number of 23971 // tags for an account user, then the entire request fails and the account is 23972 // not created. 23973 // 23974 // Tags is a required field 23975 Tags []*Tag `type:"list" required:"true"` 23976 } 23977 23978 // String returns the string representation. 23979 // 23980 // API parameter values that are decorated as "sensitive" in the API will not 23981 // be included in the string output. The member name will be present, but the 23982 // value will be replaced with "sensitive". 23983 func (s TagResourceInput) String() string { 23984 return awsutil.Prettify(s) 23985 } 23986 23987 // GoString returns the string representation. 23988 // 23989 // API parameter values that are decorated as "sensitive" in the API will not 23990 // be included in the string output. The member name will be present, but the 23991 // value will be replaced with "sensitive". 23992 func (s TagResourceInput) GoString() string { 23993 return s.String() 23994 } 23995 23996 // Validate inspects the fields of the type to determine if they are valid. 23997 func (s *TagResourceInput) Validate() error { 23998 invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"} 23999 if s.ResourceId == nil { 24000 invalidParams.Add(request.NewErrParamRequired("ResourceId")) 24001 } 24002 if s.Tags == nil { 24003 invalidParams.Add(request.NewErrParamRequired("Tags")) 24004 } 24005 if s.Tags != nil { 24006 for i, v := range s.Tags { 24007 if v == nil { 24008 continue 24009 } 24010 if err := v.Validate(); err != nil { 24011 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 24012 } 24013 } 24014 } 24015 24016 if invalidParams.Len() > 0 { 24017 return invalidParams 24018 } 24019 return nil 24020 } 24021 24022 // SetResourceId sets the ResourceId field's value. 24023 func (s *TagResourceInput) SetResourceId(v string) *TagResourceInput { 24024 s.ResourceId = &v 24025 return s 24026 } 24027 24028 // SetTags sets the Tags field's value. 24029 func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput { 24030 s.Tags = v 24031 return s 24032 } 24033 24034 type TagResourceOutput struct { 24035 _ struct{} `type:"structure"` 24036 } 24037 24038 // String returns the string representation. 24039 // 24040 // API parameter values that are decorated as "sensitive" in the API will not 24041 // be included in the string output. The member name will be present, but the 24042 // value will be replaced with "sensitive". 24043 func (s TagResourceOutput) String() string { 24044 return awsutil.Prettify(s) 24045 } 24046 24047 // GoString returns the string representation. 24048 // 24049 // API parameter values that are decorated as "sensitive" in the API will not 24050 // be included in the string output. The member name will be present, but the 24051 // value will be replaced with "sensitive". 24052 func (s TagResourceOutput) GoString() string { 24053 return s.String() 24054 } 24055 24056 // We can't find a root, OU, account, or policy with the TargetId that you specified. 24057 type TargetNotFoundException struct { 24058 _ struct{} `type:"structure"` 24059 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 24060 24061 Message_ *string `locationName:"Message" type:"string"` 24062 } 24063 24064 // String returns the string representation. 24065 // 24066 // API parameter values that are decorated as "sensitive" in the API will not 24067 // be included in the string output. The member name will be present, but the 24068 // value will be replaced with "sensitive". 24069 func (s TargetNotFoundException) String() string { 24070 return awsutil.Prettify(s) 24071 } 24072 24073 // GoString returns the string representation. 24074 // 24075 // API parameter values that are decorated as "sensitive" in the API will not 24076 // be included in the string output. The member name will be present, but the 24077 // value will be replaced with "sensitive". 24078 func (s TargetNotFoundException) GoString() string { 24079 return s.String() 24080 } 24081 24082 func newErrorTargetNotFoundException(v protocol.ResponseMetadata) error { 24083 return &TargetNotFoundException{ 24084 RespMetadata: v, 24085 } 24086 } 24087 24088 // Code returns the exception type name. 24089 func (s *TargetNotFoundException) Code() string { 24090 return "TargetNotFoundException" 24091 } 24092 24093 // Message returns the exception's message. 24094 func (s *TargetNotFoundException) Message() string { 24095 if s.Message_ != nil { 24096 return *s.Message_ 24097 } 24098 return "" 24099 } 24100 24101 // OrigErr always returns nil, satisfies awserr.Error interface. 24102 func (s *TargetNotFoundException) OrigErr() error { 24103 return nil 24104 } 24105 24106 func (s *TargetNotFoundException) Error() string { 24107 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 24108 } 24109 24110 // Status code returns the HTTP status code for the request's response error. 24111 func (s *TargetNotFoundException) StatusCode() int { 24112 return s.RespMetadata.StatusCode 24113 } 24114 24115 // RequestID returns the service's response RequestID for request. 24116 func (s *TargetNotFoundException) RequestID() string { 24117 return s.RespMetadata.RequestID 24118 } 24119 24120 // You have sent too many requests in too short a period of time. The quota 24121 // helps protect against denial-of-service attacks. Try again later. 24122 // 24123 // For information about quotas that affect AWS Organizations, see Quotas for 24124 // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in 24125 // the AWS Organizations User Guide. 24126 type TooManyRequestsException struct { 24127 _ struct{} `type:"structure"` 24128 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 24129 24130 Message_ *string `locationName:"Message" type:"string"` 24131 24132 Type *string `type:"string"` 24133 } 24134 24135 // String returns the string representation. 24136 // 24137 // API parameter values that are decorated as "sensitive" in the API will not 24138 // be included in the string output. The member name will be present, but the 24139 // value will be replaced with "sensitive". 24140 func (s TooManyRequestsException) String() string { 24141 return awsutil.Prettify(s) 24142 } 24143 24144 // GoString returns the string representation. 24145 // 24146 // API parameter values that are decorated as "sensitive" in the API will not 24147 // be included in the string output. The member name will be present, but the 24148 // value will be replaced with "sensitive". 24149 func (s TooManyRequestsException) GoString() string { 24150 return s.String() 24151 } 24152 24153 func newErrorTooManyRequestsException(v protocol.ResponseMetadata) error { 24154 return &TooManyRequestsException{ 24155 RespMetadata: v, 24156 } 24157 } 24158 24159 // Code returns the exception type name. 24160 func (s *TooManyRequestsException) Code() string { 24161 return "TooManyRequestsException" 24162 } 24163 24164 // Message returns the exception's message. 24165 func (s *TooManyRequestsException) Message() string { 24166 if s.Message_ != nil { 24167 return *s.Message_ 24168 } 24169 return "" 24170 } 24171 24172 // OrigErr always returns nil, satisfies awserr.Error interface. 24173 func (s *TooManyRequestsException) OrigErr() error { 24174 return nil 24175 } 24176 24177 func (s *TooManyRequestsException) Error() string { 24178 return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) 24179 } 24180 24181 // Status code returns the HTTP status code for the request's response error. 24182 func (s *TooManyRequestsException) StatusCode() int { 24183 return s.RespMetadata.StatusCode 24184 } 24185 24186 // RequestID returns the service's response RequestID for request. 24187 func (s *TooManyRequestsException) RequestID() string { 24188 return s.RespMetadata.RequestID 24189 } 24190 24191 // This action isn't available in the current AWS Region. 24192 type UnsupportedAPIEndpointException struct { 24193 _ struct{} `type:"structure"` 24194 RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` 24195 24196 Message_ *string `locationName:"Message" type:"string"` 24197 } 24198 24199 // String returns the string representation. 24200 // 24201 // API parameter values that are decorated as "sensitive" in the API will not 24202 // be included in the string output. The member name will be present, but the 24203 // value will be replaced with "sensitive". 24204 func (s UnsupportedAPIEndpointException) String() string { 24205 return awsutil.Prettify(s) 24206 } 24207 24208 // GoString returns the string representation. 24209 // 24210 // API parameter values that are decorated as "sensitive" in the API will not 24211 // be included in the string output. The member name will be present, but the 24212 // value will be replaced with "sensitive". 24213 func (s UnsupportedAPIEndpointException) GoString() string { 24214 return s.String() 24215 } 24216 24217 func newErrorUnsupportedAPIEndpointException(v protocol.ResponseMetadata) error { 24218 return &UnsupportedAPIEndpointException{ 24219 RespMetadata: v, 24220 } 24221 } 24222 24223 // Code returns the exception type name. 24224 func (s *UnsupportedAPIEndpointException) Code() string { 24225 return "UnsupportedAPIEndpointException" 24226 } 24227 24228 // Message returns the exception's message. 24229 func (s *UnsupportedAPIEndpointException) Message() string { 24230 if s.Message_ != nil { 24231 return *s.Message_ 24232 } 24233 return "" 24234 } 24235 24236 // OrigErr always returns nil, satisfies awserr.Error interface. 24237 func (s *UnsupportedAPIEndpointException) OrigErr() error { 24238 return nil 24239 } 24240 24241 func (s *UnsupportedAPIEndpointException) Error() string { 24242 return fmt.Sprintf("%s: %s", s.Code(), s.Message()) 24243 } 24244 24245 // Status code returns the HTTP status code for the request's response error. 24246 func (s *UnsupportedAPIEndpointException) StatusCode() int { 24247 return s.RespMetadata.StatusCode 24248 } 24249 24250 // RequestID returns the service's response RequestID for request. 24251 func (s *UnsupportedAPIEndpointException) RequestID() string { 24252 return s.RespMetadata.RequestID 24253 } 24254 24255 type UntagResourceInput struct { 24256 _ struct{} `type:"structure"` 24257 24258 // The ID of the resource to remove a tag from. 24259 // 24260 // You can specify any of the following taggable resources. 24261 // 24262 // * AWS account – specify the account ID number. 24263 // 24264 // * Organizational unit – specify the OU ID that begins with ou- and looks 24265 // similar to: ou-1a2b-34uvwxyz 24266 // 24267 // * Root – specify the root ID that begins with r- and looks similar to: 24268 // r-1a2b 24269 // 24270 // * Policy – specify the policy ID that begins with p- andlooks similar 24271 // to: p-12abcdefg3 24272 // 24273 // ResourceId is a required field 24274 ResourceId *string `type:"string" required:"true"` 24275 24276 // The list of keys for tags to remove from the specified resource. 24277 // 24278 // TagKeys is a required field 24279 TagKeys []*string `type:"list" required:"true"` 24280 } 24281 24282 // String returns the string representation. 24283 // 24284 // API parameter values that are decorated as "sensitive" in the API will not 24285 // be included in the string output. The member name will be present, but the 24286 // value will be replaced with "sensitive". 24287 func (s UntagResourceInput) String() string { 24288 return awsutil.Prettify(s) 24289 } 24290 24291 // GoString returns the string representation. 24292 // 24293 // API parameter values that are decorated as "sensitive" in the API will not 24294 // be included in the string output. The member name will be present, but the 24295 // value will be replaced with "sensitive". 24296 func (s UntagResourceInput) GoString() string { 24297 return s.String() 24298 } 24299 24300 // Validate inspects the fields of the type to determine if they are valid. 24301 func (s *UntagResourceInput) Validate() error { 24302 invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"} 24303 if s.ResourceId == nil { 24304 invalidParams.Add(request.NewErrParamRequired("ResourceId")) 24305 } 24306 if s.TagKeys == nil { 24307 invalidParams.Add(request.NewErrParamRequired("TagKeys")) 24308 } 24309 24310 if invalidParams.Len() > 0 { 24311 return invalidParams 24312 } 24313 return nil 24314 } 24315 24316 // SetResourceId sets the ResourceId field's value. 24317 func (s *UntagResourceInput) SetResourceId(v string) *UntagResourceInput { 24318 s.ResourceId = &v 24319 return s 24320 } 24321 24322 // SetTagKeys sets the TagKeys field's value. 24323 func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput { 24324 s.TagKeys = v 24325 return s 24326 } 24327 24328 type UntagResourceOutput struct { 24329 _ struct{} `type:"structure"` 24330 } 24331 24332 // String returns the string representation. 24333 // 24334 // API parameter values that are decorated as "sensitive" in the API will not 24335 // be included in the string output. The member name will be present, but the 24336 // value will be replaced with "sensitive". 24337 func (s UntagResourceOutput) String() string { 24338 return awsutil.Prettify(s) 24339 } 24340 24341 // GoString returns the string representation. 24342 // 24343 // API parameter values that are decorated as "sensitive" in the API will not 24344 // be included in the string output. The member name will be present, but the 24345 // value will be replaced with "sensitive". 24346 func (s UntagResourceOutput) GoString() string { 24347 return s.String() 24348 } 24349 24350 type UpdateOrganizationalUnitInput struct { 24351 _ struct{} `type:"structure"` 24352 24353 // The new name that you want to assign to the OU. 24354 // 24355 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 24356 // this parameter is a string of any of the characters in the ASCII character 24357 // range. 24358 Name *string `min:"1" type:"string"` 24359 24360 // The unique identifier (ID) of the OU that you want to rename. You can get 24361 // the ID from the ListOrganizationalUnitsForParent operation. 24362 // 24363 // The regex pattern (http://wikipedia.org/wiki/regex) for an organizational 24364 // unit ID string requires "ou-" followed by from 4 to 32 lowercase letters 24365 // or digits (the ID of the root that contains the OU). This string is followed 24366 // by a second "-" dash and from 8 to 32 additional lowercase letters or digits. 24367 // 24368 // OrganizationalUnitId is a required field 24369 OrganizationalUnitId *string `type:"string" required:"true"` 24370 } 24371 24372 // String returns the string representation. 24373 // 24374 // API parameter values that are decorated as "sensitive" in the API will not 24375 // be included in the string output. The member name will be present, but the 24376 // value will be replaced with "sensitive". 24377 func (s UpdateOrganizationalUnitInput) String() string { 24378 return awsutil.Prettify(s) 24379 } 24380 24381 // GoString returns the string representation. 24382 // 24383 // API parameter values that are decorated as "sensitive" in the API will not 24384 // be included in the string output. The member name will be present, but the 24385 // value will be replaced with "sensitive". 24386 func (s UpdateOrganizationalUnitInput) GoString() string { 24387 return s.String() 24388 } 24389 24390 // Validate inspects the fields of the type to determine if they are valid. 24391 func (s *UpdateOrganizationalUnitInput) Validate() error { 24392 invalidParams := request.ErrInvalidParams{Context: "UpdateOrganizationalUnitInput"} 24393 if s.Name != nil && len(*s.Name) < 1 { 24394 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 24395 } 24396 if s.OrganizationalUnitId == nil { 24397 invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId")) 24398 } 24399 24400 if invalidParams.Len() > 0 { 24401 return invalidParams 24402 } 24403 return nil 24404 } 24405 24406 // SetName sets the Name field's value. 24407 func (s *UpdateOrganizationalUnitInput) SetName(v string) *UpdateOrganizationalUnitInput { 24408 s.Name = &v 24409 return s 24410 } 24411 24412 // SetOrganizationalUnitId sets the OrganizationalUnitId field's value. 24413 func (s *UpdateOrganizationalUnitInput) SetOrganizationalUnitId(v string) *UpdateOrganizationalUnitInput { 24414 s.OrganizationalUnitId = &v 24415 return s 24416 } 24417 24418 type UpdateOrganizationalUnitOutput struct { 24419 _ struct{} `type:"structure"` 24420 24421 // A structure that contains the details about the specified OU, including its 24422 // new name. 24423 OrganizationalUnit *OrganizationalUnit `type:"structure"` 24424 } 24425 24426 // String returns the string representation. 24427 // 24428 // API parameter values that are decorated as "sensitive" in the API will not 24429 // be included in the string output. The member name will be present, but the 24430 // value will be replaced with "sensitive". 24431 func (s UpdateOrganizationalUnitOutput) String() string { 24432 return awsutil.Prettify(s) 24433 } 24434 24435 // GoString returns the string representation. 24436 // 24437 // API parameter values that are decorated as "sensitive" in the API will not 24438 // be included in the string output. The member name will be present, but the 24439 // value will be replaced with "sensitive". 24440 func (s UpdateOrganizationalUnitOutput) GoString() string { 24441 return s.String() 24442 } 24443 24444 // SetOrganizationalUnit sets the OrganizationalUnit field's value. 24445 func (s *UpdateOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *UpdateOrganizationalUnitOutput { 24446 s.OrganizationalUnit = v 24447 return s 24448 } 24449 24450 type UpdatePolicyInput struct { 24451 _ struct{} `type:"structure"` 24452 24453 // If provided, the new content for the policy. The text must be correctly formatted 24454 // JSON that complies with the syntax for the policy's type. For more information, 24455 // see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) 24456 // in the AWS Organizations User Guide. 24457 Content *string `min:"1" type:"string"` 24458 24459 // If provided, the new description for the policy. 24460 Description *string `type:"string"` 24461 24462 // If provided, the new name for the policy. 24463 // 24464 // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate 24465 // this parameter is a string of any of the characters in the ASCII character 24466 // range. 24467 Name *string `min:"1" type:"string"` 24468 24469 // The unique identifier (ID) of the policy that you want to update. 24470 // 24471 // The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string 24472 // requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits, 24473 // or the underscore character (_). 24474 // 24475 // PolicyId is a required field 24476 PolicyId *string `type:"string" required:"true"` 24477 } 24478 24479 // String returns the string representation. 24480 // 24481 // API parameter values that are decorated as "sensitive" in the API will not 24482 // be included in the string output. The member name will be present, but the 24483 // value will be replaced with "sensitive". 24484 func (s UpdatePolicyInput) String() string { 24485 return awsutil.Prettify(s) 24486 } 24487 24488 // GoString returns the string representation. 24489 // 24490 // API parameter values that are decorated as "sensitive" in the API will not 24491 // be included in the string output. The member name will be present, but the 24492 // value will be replaced with "sensitive". 24493 func (s UpdatePolicyInput) GoString() string { 24494 return s.String() 24495 } 24496 24497 // Validate inspects the fields of the type to determine if they are valid. 24498 func (s *UpdatePolicyInput) Validate() error { 24499 invalidParams := request.ErrInvalidParams{Context: "UpdatePolicyInput"} 24500 if s.Content != nil && len(*s.Content) < 1 { 24501 invalidParams.Add(request.NewErrParamMinLen("Content", 1)) 24502 } 24503 if s.Name != nil && len(*s.Name) < 1 { 24504 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 24505 } 24506 if s.PolicyId == nil { 24507 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 24508 } 24509 24510 if invalidParams.Len() > 0 { 24511 return invalidParams 24512 } 24513 return nil 24514 } 24515 24516 // SetContent sets the Content field's value. 24517 func (s *UpdatePolicyInput) SetContent(v string) *UpdatePolicyInput { 24518 s.Content = &v 24519 return s 24520 } 24521 24522 // SetDescription sets the Description field's value. 24523 func (s *UpdatePolicyInput) SetDescription(v string) *UpdatePolicyInput { 24524 s.Description = &v 24525 return s 24526 } 24527 24528 // SetName sets the Name field's value. 24529 func (s *UpdatePolicyInput) SetName(v string) *UpdatePolicyInput { 24530 s.Name = &v 24531 return s 24532 } 24533 24534 // SetPolicyId sets the PolicyId field's value. 24535 func (s *UpdatePolicyInput) SetPolicyId(v string) *UpdatePolicyInput { 24536 s.PolicyId = &v 24537 return s 24538 } 24539 24540 type UpdatePolicyOutput struct { 24541 _ struct{} `type:"structure"` 24542 24543 // A structure that contains details about the updated policy, showing the requested 24544 // changes. 24545 Policy *Policy `type:"structure"` 24546 } 24547 24548 // String returns the string representation. 24549 // 24550 // API parameter values that are decorated as "sensitive" in the API will not 24551 // be included in the string output. The member name will be present, but the 24552 // value will be replaced with "sensitive". 24553 func (s UpdatePolicyOutput) String() string { 24554 return awsutil.Prettify(s) 24555 } 24556 24557 // GoString returns the string representation. 24558 // 24559 // API parameter values that are decorated as "sensitive" in the API will not 24560 // be included in the string output. The member name will be present, but the 24561 // value will be replaced with "sensitive". 24562 func (s UpdatePolicyOutput) GoString() string { 24563 return s.String() 24564 } 24565 24566 // SetPolicy sets the Policy field's value. 24567 func (s *UpdatePolicyOutput) SetPolicy(v *Policy) *UpdatePolicyOutput { 24568 s.Policy = v 24569 return s 24570 } 24571 24572 const ( 24573 // AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole is a AccessDeniedForDependencyExceptionReason enum value 24574 AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole = "ACCESS_DENIED_DURING_CREATE_SERVICE_LINKED_ROLE" 24575 ) 24576 24577 // AccessDeniedForDependencyExceptionReason_Values returns all elements of the AccessDeniedForDependencyExceptionReason enum 24578 func AccessDeniedForDependencyExceptionReason_Values() []string { 24579 return []string{ 24580 AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole, 24581 } 24582 } 24583 24584 const ( 24585 // AccountJoinedMethodInvited is a AccountJoinedMethod enum value 24586 AccountJoinedMethodInvited = "INVITED" 24587 24588 // AccountJoinedMethodCreated is a AccountJoinedMethod enum value 24589 AccountJoinedMethodCreated = "CREATED" 24590 ) 24591 24592 // AccountJoinedMethod_Values returns all elements of the AccountJoinedMethod enum 24593 func AccountJoinedMethod_Values() []string { 24594 return []string{ 24595 AccountJoinedMethodInvited, 24596 AccountJoinedMethodCreated, 24597 } 24598 } 24599 24600 const ( 24601 // AccountStatusActive is a AccountStatus enum value 24602 AccountStatusActive = "ACTIVE" 24603 24604 // AccountStatusSuspended is a AccountStatus enum value 24605 AccountStatusSuspended = "SUSPENDED" 24606 ) 24607 24608 // AccountStatus_Values returns all elements of the AccountStatus enum 24609 func AccountStatus_Values() []string { 24610 return []string{ 24611 AccountStatusActive, 24612 AccountStatusSuspended, 24613 } 24614 } 24615 24616 const ( 24617 // ActionTypeInvite is a ActionType enum value 24618 ActionTypeInvite = "INVITE" 24619 24620 // ActionTypeEnableAllFeatures is a ActionType enum value 24621 ActionTypeEnableAllFeatures = "ENABLE_ALL_FEATURES" 24622 24623 // ActionTypeApproveAllFeatures is a ActionType enum value 24624 ActionTypeApproveAllFeatures = "APPROVE_ALL_FEATURES" 24625 24626 // ActionTypeAddOrganizationsServiceLinkedRole is a ActionType enum value 24627 ActionTypeAddOrganizationsServiceLinkedRole = "ADD_ORGANIZATIONS_SERVICE_LINKED_ROLE" 24628 ) 24629 24630 // ActionType_Values returns all elements of the ActionType enum 24631 func ActionType_Values() []string { 24632 return []string{ 24633 ActionTypeInvite, 24634 ActionTypeEnableAllFeatures, 24635 ActionTypeApproveAllFeatures, 24636 ActionTypeAddOrganizationsServiceLinkedRole, 24637 } 24638 } 24639 24640 const ( 24641 // ChildTypeAccount is a ChildType enum value 24642 ChildTypeAccount = "ACCOUNT" 24643 24644 // ChildTypeOrganizationalUnit is a ChildType enum value 24645 ChildTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT" 24646 ) 24647 24648 // ChildType_Values returns all elements of the ChildType enum 24649 func ChildType_Values() []string { 24650 return []string{ 24651 ChildTypeAccount, 24652 ChildTypeOrganizationalUnit, 24653 } 24654 } 24655 24656 const ( 24657 // ConstraintViolationExceptionReasonAccountNumberLimitExceeded is a ConstraintViolationExceptionReason enum value 24658 ConstraintViolationExceptionReasonAccountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED" 24659 24660 // ConstraintViolationExceptionReasonHandshakeRateLimitExceeded is a ConstraintViolationExceptionReason enum value 24661 ConstraintViolationExceptionReasonHandshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED" 24662 24663 // ConstraintViolationExceptionReasonOuNumberLimitExceeded is a ConstraintViolationExceptionReason enum value 24664 ConstraintViolationExceptionReasonOuNumberLimitExceeded = "OU_NUMBER_LIMIT_EXCEEDED" 24665 24666 // ConstraintViolationExceptionReasonOuDepthLimitExceeded is a ConstraintViolationExceptionReason enum value 24667 ConstraintViolationExceptionReasonOuDepthLimitExceeded = "OU_DEPTH_LIMIT_EXCEEDED" 24668 24669 // ConstraintViolationExceptionReasonPolicyNumberLimitExceeded is a ConstraintViolationExceptionReason enum value 24670 ConstraintViolationExceptionReasonPolicyNumberLimitExceeded = "POLICY_NUMBER_LIMIT_EXCEEDED" 24671 24672 // ConstraintViolationExceptionReasonPolicyContentLimitExceeded is a ConstraintViolationExceptionReason enum value 24673 ConstraintViolationExceptionReasonPolicyContentLimitExceeded = "POLICY_CONTENT_LIMIT_EXCEEDED" 24674 24675 // ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded is a ConstraintViolationExceptionReason enum value 24676 ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded = "MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED" 24677 24678 // ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded is a ConstraintViolationExceptionReason enum value 24679 ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded = "MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED" 24680 24681 // ConstraintViolationExceptionReasonAccountCannotLeaveOrganization is a ConstraintViolationExceptionReason enum value 24682 ConstraintViolationExceptionReasonAccountCannotLeaveOrganization = "ACCOUNT_CANNOT_LEAVE_ORGANIZATION" 24683 24684 // ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula is a ConstraintViolationExceptionReason enum value 24685 ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula = "ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA" 24686 24687 // ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification is a ConstraintViolationExceptionReason enum value 24688 ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification = "ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION" 24689 24690 // ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value 24691 ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired = "MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED" 24692 24693 // ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value 24694 ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired = "MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED" 24695 24696 // ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded is a ConstraintViolationExceptionReason enum value 24697 ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded = "ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED" 24698 24699 // ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace is a ConstraintViolationExceptionReason enum value 24700 ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace = "MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE" 24701 24702 // ConstraintViolationExceptionReasonMasterAccountMissingContactInfo is a ConstraintViolationExceptionReason enum value 24703 ConstraintViolationExceptionReasonMasterAccountMissingContactInfo = "MASTER_ACCOUNT_MISSING_CONTACT_INFO" 24704 24705 // ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled is a ConstraintViolationExceptionReason enum value 24706 ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled = "MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED" 24707 24708 // ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode is a ConstraintViolationExceptionReason enum value 24709 ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode = "ORGANIZATION_NOT_IN_ALL_FEATURES_MODE" 24710 24711 // ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion is a ConstraintViolationExceptionReason enum value 24712 ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion = "CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION" 24713 24714 // ConstraintViolationExceptionReasonEmailVerificationCodeExpired is a ConstraintViolationExceptionReason enum value 24715 ConstraintViolationExceptionReasonEmailVerificationCodeExpired = "EMAIL_VERIFICATION_CODE_EXPIRED" 24716 24717 // ConstraintViolationExceptionReasonWaitPeriodActive is a ConstraintViolationExceptionReason enum value 24718 ConstraintViolationExceptionReasonWaitPeriodActive = "WAIT_PERIOD_ACTIVE" 24719 24720 // ConstraintViolationExceptionReasonMaxTagLimitExceeded is a ConstraintViolationExceptionReason enum value 24721 ConstraintViolationExceptionReasonMaxTagLimitExceeded = "MAX_TAG_LIMIT_EXCEEDED" 24722 24723 // ConstraintViolationExceptionReasonTagPolicyViolation is a ConstraintViolationExceptionReason enum value 24724 ConstraintViolationExceptionReasonTagPolicyViolation = "TAG_POLICY_VIOLATION" 24725 24726 // ConstraintViolationExceptionReasonMaxDelegatedAdministratorsForServiceLimitExceeded is a ConstraintViolationExceptionReason enum value 24727 ConstraintViolationExceptionReasonMaxDelegatedAdministratorsForServiceLimitExceeded = "MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED" 24728 24729 // ConstraintViolationExceptionReasonCannotRegisterMasterAsDelegatedAdministrator is a ConstraintViolationExceptionReason enum value 24730 ConstraintViolationExceptionReasonCannotRegisterMasterAsDelegatedAdministrator = "CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR" 24731 24732 // ConstraintViolationExceptionReasonCannotRemoveDelegatedAdministratorFromOrg is a ConstraintViolationExceptionReason enum value 24733 ConstraintViolationExceptionReasonCannotRemoveDelegatedAdministratorFromOrg = "CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG" 24734 24735 // ConstraintViolationExceptionReasonDelegatedAdministratorExistsForThisService is a ConstraintViolationExceptionReason enum value 24736 ConstraintViolationExceptionReasonDelegatedAdministratorExistsForThisService = "DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE" 24737 24738 // ConstraintViolationExceptionReasonMasterAccountMissingBusinessLicense is a ConstraintViolationExceptionReason enum value 24739 ConstraintViolationExceptionReasonMasterAccountMissingBusinessLicense = "MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE" 24740 ) 24741 24742 // ConstraintViolationExceptionReason_Values returns all elements of the ConstraintViolationExceptionReason enum 24743 func ConstraintViolationExceptionReason_Values() []string { 24744 return []string{ 24745 ConstraintViolationExceptionReasonAccountNumberLimitExceeded, 24746 ConstraintViolationExceptionReasonHandshakeRateLimitExceeded, 24747 ConstraintViolationExceptionReasonOuNumberLimitExceeded, 24748 ConstraintViolationExceptionReasonOuDepthLimitExceeded, 24749 ConstraintViolationExceptionReasonPolicyNumberLimitExceeded, 24750 ConstraintViolationExceptionReasonPolicyContentLimitExceeded, 24751 ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded, 24752 ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded, 24753 ConstraintViolationExceptionReasonAccountCannotLeaveOrganization, 24754 ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula, 24755 ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification, 24756 ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired, 24757 ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired, 24758 ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded, 24759 ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace, 24760 ConstraintViolationExceptionReasonMasterAccountMissingContactInfo, 24761 ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled, 24762 ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode, 24763 ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion, 24764 ConstraintViolationExceptionReasonEmailVerificationCodeExpired, 24765 ConstraintViolationExceptionReasonWaitPeriodActive, 24766 ConstraintViolationExceptionReasonMaxTagLimitExceeded, 24767 ConstraintViolationExceptionReasonTagPolicyViolation, 24768 ConstraintViolationExceptionReasonMaxDelegatedAdministratorsForServiceLimitExceeded, 24769 ConstraintViolationExceptionReasonCannotRegisterMasterAsDelegatedAdministrator, 24770 ConstraintViolationExceptionReasonCannotRemoveDelegatedAdministratorFromOrg, 24771 ConstraintViolationExceptionReasonDelegatedAdministratorExistsForThisService, 24772 ConstraintViolationExceptionReasonMasterAccountMissingBusinessLicense, 24773 } 24774 } 24775 24776 const ( 24777 // CreateAccountFailureReasonAccountLimitExceeded is a CreateAccountFailureReason enum value 24778 CreateAccountFailureReasonAccountLimitExceeded = "ACCOUNT_LIMIT_EXCEEDED" 24779 24780 // CreateAccountFailureReasonEmailAlreadyExists is a CreateAccountFailureReason enum value 24781 CreateAccountFailureReasonEmailAlreadyExists = "EMAIL_ALREADY_EXISTS" 24782 24783 // CreateAccountFailureReasonInvalidAddress is a CreateAccountFailureReason enum value 24784 CreateAccountFailureReasonInvalidAddress = "INVALID_ADDRESS" 24785 24786 // CreateAccountFailureReasonInvalidEmail is a CreateAccountFailureReason enum value 24787 CreateAccountFailureReasonInvalidEmail = "INVALID_EMAIL" 24788 24789 // CreateAccountFailureReasonConcurrentAccountModification is a CreateAccountFailureReason enum value 24790 CreateAccountFailureReasonConcurrentAccountModification = "CONCURRENT_ACCOUNT_MODIFICATION" 24791 24792 // CreateAccountFailureReasonInternalFailure is a CreateAccountFailureReason enum value 24793 CreateAccountFailureReasonInternalFailure = "INTERNAL_FAILURE" 24794 24795 // CreateAccountFailureReasonGovcloudAccountAlreadyExists is a CreateAccountFailureReason enum value 24796 CreateAccountFailureReasonGovcloudAccountAlreadyExists = "GOVCLOUD_ACCOUNT_ALREADY_EXISTS" 24797 24798 // CreateAccountFailureReasonMissingBusinessValidation is a CreateAccountFailureReason enum value 24799 CreateAccountFailureReasonMissingBusinessValidation = "MISSING_BUSINESS_VALIDATION" 24800 24801 // CreateAccountFailureReasonFailedBusinessValidation is a CreateAccountFailureReason enum value 24802 CreateAccountFailureReasonFailedBusinessValidation = "FAILED_BUSINESS_VALIDATION" 24803 24804 // CreateAccountFailureReasonPendingBusinessValidation is a CreateAccountFailureReason enum value 24805 CreateAccountFailureReasonPendingBusinessValidation = "PENDING_BUSINESS_VALIDATION" 24806 24807 // CreateAccountFailureReasonInvalidIdentityForBusinessValidation is a CreateAccountFailureReason enum value 24808 CreateAccountFailureReasonInvalidIdentityForBusinessValidation = "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION" 24809 24810 // CreateAccountFailureReasonUnknownBusinessValidation is a CreateAccountFailureReason enum value 24811 CreateAccountFailureReasonUnknownBusinessValidation = "UNKNOWN_BUSINESS_VALIDATION" 24812 24813 // CreateAccountFailureReasonMissingPaymentInstrument is a CreateAccountFailureReason enum value 24814 CreateAccountFailureReasonMissingPaymentInstrument = "MISSING_PAYMENT_INSTRUMENT" 24815 ) 24816 24817 // CreateAccountFailureReason_Values returns all elements of the CreateAccountFailureReason enum 24818 func CreateAccountFailureReason_Values() []string { 24819 return []string{ 24820 CreateAccountFailureReasonAccountLimitExceeded, 24821 CreateAccountFailureReasonEmailAlreadyExists, 24822 CreateAccountFailureReasonInvalidAddress, 24823 CreateAccountFailureReasonInvalidEmail, 24824 CreateAccountFailureReasonConcurrentAccountModification, 24825 CreateAccountFailureReasonInternalFailure, 24826 CreateAccountFailureReasonGovcloudAccountAlreadyExists, 24827 CreateAccountFailureReasonMissingBusinessValidation, 24828 CreateAccountFailureReasonFailedBusinessValidation, 24829 CreateAccountFailureReasonPendingBusinessValidation, 24830 CreateAccountFailureReasonInvalidIdentityForBusinessValidation, 24831 CreateAccountFailureReasonUnknownBusinessValidation, 24832 CreateAccountFailureReasonMissingPaymentInstrument, 24833 } 24834 } 24835 24836 const ( 24837 // CreateAccountStateInProgress is a CreateAccountState enum value 24838 CreateAccountStateInProgress = "IN_PROGRESS" 24839 24840 // CreateAccountStateSucceeded is a CreateAccountState enum value 24841 CreateAccountStateSucceeded = "SUCCEEDED" 24842 24843 // CreateAccountStateFailed is a CreateAccountState enum value 24844 CreateAccountStateFailed = "FAILED" 24845 ) 24846 24847 // CreateAccountState_Values returns all elements of the CreateAccountState enum 24848 func CreateAccountState_Values() []string { 24849 return []string{ 24850 CreateAccountStateInProgress, 24851 CreateAccountStateSucceeded, 24852 CreateAccountStateFailed, 24853 } 24854 } 24855 24856 const ( 24857 // EffectivePolicyTypeTagPolicy is a EffectivePolicyType enum value 24858 EffectivePolicyTypeTagPolicy = "TAG_POLICY" 24859 24860 // EffectivePolicyTypeBackupPolicy is a EffectivePolicyType enum value 24861 EffectivePolicyTypeBackupPolicy = "BACKUP_POLICY" 24862 24863 // EffectivePolicyTypeAiservicesOptOutPolicy is a EffectivePolicyType enum value 24864 EffectivePolicyTypeAiservicesOptOutPolicy = "AISERVICES_OPT_OUT_POLICY" 24865 ) 24866 24867 // EffectivePolicyType_Values returns all elements of the EffectivePolicyType enum 24868 func EffectivePolicyType_Values() []string { 24869 return []string{ 24870 EffectivePolicyTypeTagPolicy, 24871 EffectivePolicyTypeBackupPolicy, 24872 EffectivePolicyTypeAiservicesOptOutPolicy, 24873 } 24874 } 24875 24876 const ( 24877 // HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value 24878 HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED" 24879 24880 // HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value 24881 HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED" 24882 24883 // HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization is a HandshakeConstraintViolationExceptionReason enum value 24884 HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization = "ALREADY_IN_AN_ORGANIZATION" 24885 24886 // HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures is a HandshakeConstraintViolationExceptionReason enum value 24887 HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures = "ORGANIZATION_ALREADY_HAS_ALL_FEATURES" 24888 24889 // HandshakeConstraintViolationExceptionReasonOrganizationIsAlreadyPendingAllFeaturesMigration is a HandshakeConstraintViolationExceptionReason enum value 24890 HandshakeConstraintViolationExceptionReasonOrganizationIsAlreadyPendingAllFeaturesMigration = "ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION" 24891 24892 // HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures is a HandshakeConstraintViolationExceptionReason enum value 24893 HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures = "INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES" 24894 24895 // HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired is a HandshakeConstraintViolationExceptionReason enum value 24896 HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired = "PAYMENT_INSTRUMENT_REQUIRED" 24897 24898 // HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord is a HandshakeConstraintViolationExceptionReason enum value 24899 HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord = "ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD" 24900 24901 // HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value 24902 HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded = "ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED" 24903 ) 24904 24905 // HandshakeConstraintViolationExceptionReason_Values returns all elements of the HandshakeConstraintViolationExceptionReason enum 24906 func HandshakeConstraintViolationExceptionReason_Values() []string { 24907 return []string{ 24908 HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded, 24909 HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded, 24910 HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization, 24911 HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures, 24912 HandshakeConstraintViolationExceptionReasonOrganizationIsAlreadyPendingAllFeaturesMigration, 24913 HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures, 24914 HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired, 24915 HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord, 24916 HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded, 24917 } 24918 } 24919 24920 const ( 24921 // HandshakePartyTypeAccount is a HandshakePartyType enum value 24922 HandshakePartyTypeAccount = "ACCOUNT" 24923 24924 // HandshakePartyTypeOrganization is a HandshakePartyType enum value 24925 HandshakePartyTypeOrganization = "ORGANIZATION" 24926 24927 // HandshakePartyTypeEmail is a HandshakePartyType enum value 24928 HandshakePartyTypeEmail = "EMAIL" 24929 ) 24930 24931 // HandshakePartyType_Values returns all elements of the HandshakePartyType enum 24932 func HandshakePartyType_Values() []string { 24933 return []string{ 24934 HandshakePartyTypeAccount, 24935 HandshakePartyTypeOrganization, 24936 HandshakePartyTypeEmail, 24937 } 24938 } 24939 24940 const ( 24941 // HandshakeResourceTypeAccount is a HandshakeResourceType enum value 24942 HandshakeResourceTypeAccount = "ACCOUNT" 24943 24944 // HandshakeResourceTypeOrganization is a HandshakeResourceType enum value 24945 HandshakeResourceTypeOrganization = "ORGANIZATION" 24946 24947 // HandshakeResourceTypeOrganizationFeatureSet is a HandshakeResourceType enum value 24948 HandshakeResourceTypeOrganizationFeatureSet = "ORGANIZATION_FEATURE_SET" 24949 24950 // HandshakeResourceTypeEmail is a HandshakeResourceType enum value 24951 HandshakeResourceTypeEmail = "EMAIL" 24952 24953 // HandshakeResourceTypeMasterEmail is a HandshakeResourceType enum value 24954 HandshakeResourceTypeMasterEmail = "MASTER_EMAIL" 24955 24956 // HandshakeResourceTypeMasterName is a HandshakeResourceType enum value 24957 HandshakeResourceTypeMasterName = "MASTER_NAME" 24958 24959 // HandshakeResourceTypeNotes is a HandshakeResourceType enum value 24960 HandshakeResourceTypeNotes = "NOTES" 24961 24962 // HandshakeResourceTypeParentHandshake is a HandshakeResourceType enum value 24963 HandshakeResourceTypeParentHandshake = "PARENT_HANDSHAKE" 24964 ) 24965 24966 // HandshakeResourceType_Values returns all elements of the HandshakeResourceType enum 24967 func HandshakeResourceType_Values() []string { 24968 return []string{ 24969 HandshakeResourceTypeAccount, 24970 HandshakeResourceTypeOrganization, 24971 HandshakeResourceTypeOrganizationFeatureSet, 24972 HandshakeResourceTypeEmail, 24973 HandshakeResourceTypeMasterEmail, 24974 HandshakeResourceTypeMasterName, 24975 HandshakeResourceTypeNotes, 24976 HandshakeResourceTypeParentHandshake, 24977 } 24978 } 24979 24980 const ( 24981 // HandshakeStateRequested is a HandshakeState enum value 24982 HandshakeStateRequested = "REQUESTED" 24983 24984 // HandshakeStateOpen is a HandshakeState enum value 24985 HandshakeStateOpen = "OPEN" 24986 24987 // HandshakeStateCanceled is a HandshakeState enum value 24988 HandshakeStateCanceled = "CANCELED" 24989 24990 // HandshakeStateAccepted is a HandshakeState enum value 24991 HandshakeStateAccepted = "ACCEPTED" 24992 24993 // HandshakeStateDeclined is a HandshakeState enum value 24994 HandshakeStateDeclined = "DECLINED" 24995 24996 // HandshakeStateExpired is a HandshakeState enum value 24997 HandshakeStateExpired = "EXPIRED" 24998 ) 24999 25000 // HandshakeState_Values returns all elements of the HandshakeState enum 25001 func HandshakeState_Values() []string { 25002 return []string{ 25003 HandshakeStateRequested, 25004 HandshakeStateOpen, 25005 HandshakeStateCanceled, 25006 HandshakeStateAccepted, 25007 HandshakeStateDeclined, 25008 HandshakeStateExpired, 25009 } 25010 } 25011 25012 const ( 25013 // IAMUserAccessToBillingAllow is a IAMUserAccessToBilling enum value 25014 IAMUserAccessToBillingAllow = "ALLOW" 25015 25016 // IAMUserAccessToBillingDeny is a IAMUserAccessToBilling enum value 25017 IAMUserAccessToBillingDeny = "DENY" 25018 ) 25019 25020 // IAMUserAccessToBilling_Values returns all elements of the IAMUserAccessToBilling enum 25021 func IAMUserAccessToBilling_Values() []string { 25022 return []string{ 25023 IAMUserAccessToBillingAllow, 25024 IAMUserAccessToBillingDeny, 25025 } 25026 } 25027 25028 const ( 25029 // InvalidInputExceptionReasonInvalidPartyTypeTarget is a InvalidInputExceptionReason enum value 25030 InvalidInputExceptionReasonInvalidPartyTypeTarget = "INVALID_PARTY_TYPE_TARGET" 25031 25032 // InvalidInputExceptionReasonInvalidSyntaxOrganizationArn is a InvalidInputExceptionReason enum value 25033 InvalidInputExceptionReasonInvalidSyntaxOrganizationArn = "INVALID_SYNTAX_ORGANIZATION_ARN" 25034 25035 // InvalidInputExceptionReasonInvalidSyntaxPolicyId is a InvalidInputExceptionReason enum value 25036 InvalidInputExceptionReasonInvalidSyntaxPolicyId = "INVALID_SYNTAX_POLICY_ID" 25037 25038 // InvalidInputExceptionReasonInvalidEnum is a InvalidInputExceptionReason enum value 25039 InvalidInputExceptionReasonInvalidEnum = "INVALID_ENUM" 25040 25041 // InvalidInputExceptionReasonInvalidEnumPolicyType is a InvalidInputExceptionReason enum value 25042 InvalidInputExceptionReasonInvalidEnumPolicyType = "INVALID_ENUM_POLICY_TYPE" 25043 25044 // InvalidInputExceptionReasonInvalidListMember is a InvalidInputExceptionReason enum value 25045 InvalidInputExceptionReasonInvalidListMember = "INVALID_LIST_MEMBER" 25046 25047 // InvalidInputExceptionReasonMaxLengthExceeded is a InvalidInputExceptionReason enum value 25048 InvalidInputExceptionReasonMaxLengthExceeded = "MAX_LENGTH_EXCEEDED" 25049 25050 // InvalidInputExceptionReasonMaxValueExceeded is a InvalidInputExceptionReason enum value 25051 InvalidInputExceptionReasonMaxValueExceeded = "MAX_VALUE_EXCEEDED" 25052 25053 // InvalidInputExceptionReasonMinLengthExceeded is a InvalidInputExceptionReason enum value 25054 InvalidInputExceptionReasonMinLengthExceeded = "MIN_LENGTH_EXCEEDED" 25055 25056 // InvalidInputExceptionReasonMinValueExceeded is a InvalidInputExceptionReason enum value 25057 InvalidInputExceptionReasonMinValueExceeded = "MIN_VALUE_EXCEEDED" 25058 25059 // InvalidInputExceptionReasonImmutablePolicy is a InvalidInputExceptionReason enum value 25060 InvalidInputExceptionReasonImmutablePolicy = "IMMUTABLE_POLICY" 25061 25062 // InvalidInputExceptionReasonInvalidPattern is a InvalidInputExceptionReason enum value 25063 InvalidInputExceptionReasonInvalidPattern = "INVALID_PATTERN" 25064 25065 // InvalidInputExceptionReasonInvalidPatternTargetId is a InvalidInputExceptionReason enum value 25066 InvalidInputExceptionReasonInvalidPatternTargetId = "INVALID_PATTERN_TARGET_ID" 25067 25068 // InvalidInputExceptionReasonInputRequired is a InvalidInputExceptionReason enum value 25069 InvalidInputExceptionReasonInputRequired = "INPUT_REQUIRED" 25070 25071 // InvalidInputExceptionReasonInvalidNextToken is a InvalidInputExceptionReason enum value 25072 InvalidInputExceptionReasonInvalidNextToken = "INVALID_NEXT_TOKEN" 25073 25074 // InvalidInputExceptionReasonMaxLimitExceededFilter is a InvalidInputExceptionReason enum value 25075 InvalidInputExceptionReasonMaxLimitExceededFilter = "MAX_LIMIT_EXCEEDED_FILTER" 25076 25077 // InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots is a InvalidInputExceptionReason enum value 25078 InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots = "MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS" 25079 25080 // InvalidInputExceptionReasonInvalidFullNameTarget is a InvalidInputExceptionReason enum value 25081 InvalidInputExceptionReasonInvalidFullNameTarget = "INVALID_FULL_NAME_TARGET" 25082 25083 // InvalidInputExceptionReasonUnrecognizedServicePrincipal is a InvalidInputExceptionReason enum value 25084 InvalidInputExceptionReasonUnrecognizedServicePrincipal = "UNRECOGNIZED_SERVICE_PRINCIPAL" 25085 25086 // InvalidInputExceptionReasonInvalidRoleName is a InvalidInputExceptionReason enum value 25087 InvalidInputExceptionReasonInvalidRoleName = "INVALID_ROLE_NAME" 25088 25089 // InvalidInputExceptionReasonInvalidSystemTagsParameter is a InvalidInputExceptionReason enum value 25090 InvalidInputExceptionReasonInvalidSystemTagsParameter = "INVALID_SYSTEM_TAGS_PARAMETER" 25091 25092 // InvalidInputExceptionReasonDuplicateTagKey is a InvalidInputExceptionReason enum value 25093 InvalidInputExceptionReasonDuplicateTagKey = "DUPLICATE_TAG_KEY" 25094 25095 // InvalidInputExceptionReasonTargetNotSupported is a InvalidInputExceptionReason enum value 25096 InvalidInputExceptionReasonTargetNotSupported = "TARGET_NOT_SUPPORTED" 25097 25098 // InvalidInputExceptionReasonInvalidEmailAddressTarget is a InvalidInputExceptionReason enum value 25099 InvalidInputExceptionReasonInvalidEmailAddressTarget = "INVALID_EMAIL_ADDRESS_TARGET" 25100 ) 25101 25102 // InvalidInputExceptionReason_Values returns all elements of the InvalidInputExceptionReason enum 25103 func InvalidInputExceptionReason_Values() []string { 25104 return []string{ 25105 InvalidInputExceptionReasonInvalidPartyTypeTarget, 25106 InvalidInputExceptionReasonInvalidSyntaxOrganizationArn, 25107 InvalidInputExceptionReasonInvalidSyntaxPolicyId, 25108 InvalidInputExceptionReasonInvalidEnum, 25109 InvalidInputExceptionReasonInvalidEnumPolicyType, 25110 InvalidInputExceptionReasonInvalidListMember, 25111 InvalidInputExceptionReasonMaxLengthExceeded, 25112 InvalidInputExceptionReasonMaxValueExceeded, 25113 InvalidInputExceptionReasonMinLengthExceeded, 25114 InvalidInputExceptionReasonMinValueExceeded, 25115 InvalidInputExceptionReasonImmutablePolicy, 25116 InvalidInputExceptionReasonInvalidPattern, 25117 InvalidInputExceptionReasonInvalidPatternTargetId, 25118 InvalidInputExceptionReasonInputRequired, 25119 InvalidInputExceptionReasonInvalidNextToken, 25120 InvalidInputExceptionReasonMaxLimitExceededFilter, 25121 InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots, 25122 InvalidInputExceptionReasonInvalidFullNameTarget, 25123 InvalidInputExceptionReasonUnrecognizedServicePrincipal, 25124 InvalidInputExceptionReasonInvalidRoleName, 25125 InvalidInputExceptionReasonInvalidSystemTagsParameter, 25126 InvalidInputExceptionReasonDuplicateTagKey, 25127 InvalidInputExceptionReasonTargetNotSupported, 25128 InvalidInputExceptionReasonInvalidEmailAddressTarget, 25129 } 25130 } 25131 25132 const ( 25133 // OrganizationFeatureSetAll is a OrganizationFeatureSet enum value 25134 OrganizationFeatureSetAll = "ALL" 25135 25136 // OrganizationFeatureSetConsolidatedBilling is a OrganizationFeatureSet enum value 25137 OrganizationFeatureSetConsolidatedBilling = "CONSOLIDATED_BILLING" 25138 ) 25139 25140 // OrganizationFeatureSet_Values returns all elements of the OrganizationFeatureSet enum 25141 func OrganizationFeatureSet_Values() []string { 25142 return []string{ 25143 OrganizationFeatureSetAll, 25144 OrganizationFeatureSetConsolidatedBilling, 25145 } 25146 } 25147 25148 const ( 25149 // ParentTypeRoot is a ParentType enum value 25150 ParentTypeRoot = "ROOT" 25151 25152 // ParentTypeOrganizationalUnit is a ParentType enum value 25153 ParentTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT" 25154 ) 25155 25156 // ParentType_Values returns all elements of the ParentType enum 25157 func ParentType_Values() []string { 25158 return []string{ 25159 ParentTypeRoot, 25160 ParentTypeOrganizationalUnit, 25161 } 25162 } 25163 25164 const ( 25165 // PolicyTypeServiceControlPolicy is a PolicyType enum value 25166 PolicyTypeServiceControlPolicy = "SERVICE_CONTROL_POLICY" 25167 25168 // PolicyTypeTagPolicy is a PolicyType enum value 25169 PolicyTypeTagPolicy = "TAG_POLICY" 25170 25171 // PolicyTypeBackupPolicy is a PolicyType enum value 25172 PolicyTypeBackupPolicy = "BACKUP_POLICY" 25173 25174 // PolicyTypeAiservicesOptOutPolicy is a PolicyType enum value 25175 PolicyTypeAiservicesOptOutPolicy = "AISERVICES_OPT_OUT_POLICY" 25176 ) 25177 25178 // PolicyType_Values returns all elements of the PolicyType enum 25179 func PolicyType_Values() []string { 25180 return []string{ 25181 PolicyTypeServiceControlPolicy, 25182 PolicyTypeTagPolicy, 25183 PolicyTypeBackupPolicy, 25184 PolicyTypeAiservicesOptOutPolicy, 25185 } 25186 } 25187 25188 const ( 25189 // PolicyTypeStatusEnabled is a PolicyTypeStatus enum value 25190 PolicyTypeStatusEnabled = "ENABLED" 25191 25192 // PolicyTypeStatusPendingEnable is a PolicyTypeStatus enum value 25193 PolicyTypeStatusPendingEnable = "PENDING_ENABLE" 25194 25195 // PolicyTypeStatusPendingDisable is a PolicyTypeStatus enum value 25196 PolicyTypeStatusPendingDisable = "PENDING_DISABLE" 25197 ) 25198 25199 // PolicyTypeStatus_Values returns all elements of the PolicyTypeStatus enum 25200 func PolicyTypeStatus_Values() []string { 25201 return []string{ 25202 PolicyTypeStatusEnabled, 25203 PolicyTypeStatusPendingEnable, 25204 PolicyTypeStatusPendingDisable, 25205 } 25206 } 25207 25208 const ( 25209 // TargetTypeAccount is a TargetType enum value 25210 TargetTypeAccount = "ACCOUNT" 25211 25212 // TargetTypeOrganizationalUnit is a TargetType enum value 25213 TargetTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT" 25214 25215 // TargetTypeRoot is a TargetType enum value 25216 TargetTypeRoot = "ROOT" 25217 ) 25218 25219 // TargetType_Values returns all elements of the TargetType enum 25220 func TargetType_Values() []string { 25221 return []string{ 25222 TargetTypeAccount, 25223 TargetTypeOrganizationalUnit, 25224 TargetTypeRoot, 25225 } 25226 }